ICS-CERT Publishes 2 Advisories and Updates 3 Siemens Advisories

Yesterday the DHS ICS-CERT published two control system security advisories for products from Siemens and Schneider. It also updated three control system security advisories for products from Siemens.

BTW: I discussed the Schneider advisory Saturday.

Siemens Advisory

This advisory describes two cross-site scripting vulnerabilities in the Siemens SCALANCE X switches. The vulnerabilities were reported by Marius Rothenbücher and Ali Abbas. Siemens has provided updates that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a highly-skilled attacker could remotely exploit the vulnerability to to store script code on the website and execute cross-site scripting (XSS), affecting the website’s confidentiality, integrity, and availability. The Siemens advisory notes that one of the vulnerabilities requires the attacker to log into the web application, but the other can be exploited via a social engineering attack.

Schneider Advisory

This advisory describes four vulnerabilities in the Schneider U.motion Builder. The vulnerabilities were reported by Wei Gao of Ixia and bigric3@360A-TEAM. Schneider has a firmware patch that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Stack-based buffer overflow - CVE-2018-7784;

• OS command injection - CVE-2018-7785;

• Cross-site scripting - CVE-2018-7786; and

• Improper input validation - CVE-2018-7787

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow for remote code execution.

SIMATIC Update

This update provides new information on an advisory that was originally published on February 14^th, 2017 and updated on June 15^th, on July 6^th and again on November 31^st, 2018. The update corrects the version affected data for PCS 7.

SIMATIC PCS7 Update

This update provides new information on an advisory that was originally published on November 2^nd, 2018. The update corrects the affected version data for PCS 7 v8.2 and provides information about the update available to mitigate the vulnerability.

SIMATIC WinCC Update

This update provides new information on an advisory that was originally published on March 29^th, 2018 and updated on April 24^th, 2018. The update corrects the affected version data for PCS 7 v8.2 and provides information about the update available to mitigate the vulnerability. In both this and the previous update, the new service pack for PCS 7 v8.2 is available from ‘local support’.

NOTE: Siemens announced a total of 5 new advisories and 5 updates yesterday. I expect that we will see the remainder Thursday.