Saturday, June 2, 2018

Public ICS Disclosure – Week of 5-26-18


This week we have a vendor update of a previously released advisory, a coordinated disclosure of multiple vulnerabilities in a medical device, and an exploit for a previously disclosed vulnerability. In passing, there was a new advisory from Schneider (U.Motion Builder) that was released on Thursday that may yet be reported by ICS-CERT.

Spectre Update


This week Siemens updated their advisory on the Spectre vulnerabilities in Industrial Products to add mitigation measures for:

• RUGGEDCOM APE;
• RUGGEDCOM VPE1400;
• SINEMA Remote Connect;
• SIMATIC S7-1518-4 PN/DP ODK;
• SIMATIC S7-1518F-4 PN/DP ODK; and
SIMATIC HMI Panels

ICS-CERT does not update their multi-vendor advisories to reflect vendor updates as the links provided generally point to the new information. From an ICS-CERT administrative point of view, this makes a certain amount of sense.

Siemens also updated their general Spectre advisory to reflect information on the next generation Spectre. It will be sometime yet before the Spectre NG will be reflected in the product specific advisories as we are still waiting on the chip-level mitigations to be produced.

Medical Device Disclosure


This week Talos published three reports (here, here and here) of vulnerabilities in the  Natus Xltek NeuroWorks software; these are coordinated disclosures. The three reported vulnerabilities are:

• Invalid key entry denial of service - CVE-2017-2860;
• Deserialization denial of service - CVE-2017-2852; and
• Traversal denial of service - CVE-2017-2858

NOTE: These have not been reported on the FDA Medical Device Safety Communications page.

Siemens Exploit


This week we have another exploit report from t4rkd3vilz on Exploit-DB.com. This one is for a Siemens SIMATIC S7-300 that was originally reported in 2015. While ICS-CERT will note if a publicly available exploit exists at the time of publication of their advisories, they do not generally provide updates that report new exploits.

No comments:

 
/* Use this with templates/template-twocol.html */