Today the DHS ICS-CERT published three control system
security advisories for products from Siemens and one medical device security
advisory for products from Philips. The three Siemens advisories were briefly
discussed here over the weekend.
Automation License Manager Advisory
This advisory
describes two vulnerabilities in the Siemens Automation License Manager. The
vulnerabilities were reported by Vladimir Dashchenko from Kaspersky Lab.
Siemens has updates available to mitigate the vulnerabilities. There is no
indication that Dashchenko was provided an opportunity to verify the efficacy
of the fix.
The two reported vulnerabilities are:
• Relative path traversal - CVE-2018-11455; and
• Improper input validation - CVE-2018-11456
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to achieve remote code execution or
to determine port status on another remote system.
OpenSSL Advisory
This advisory
describes a cleartext transmission of sensitive information vulnerability in
Siemens Industrial Products. The vulnerability is being self-reported by
Siemens. Siemens has updates for some of the affected products and continues to
work on the remainder.
ICS-CERT reports that an uncharacterized attacker could remotely
exploit this vulnerability to result in unencrypted data being transmitted by
the SSL/TLS record layer.
SIMATIC Advisory
This advisory
describes two incorrect default permissions vulnerabilities in the Siemens SIMATIC
STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal). The vulnerabilities were
reported by Younes Dragoni from Nozomi Networks. Siemens has updates that mitigate
the vulnerabilities. There is no indication that Dragoni has been provided an
opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker with
local access could exploit the vulnerabilities to manipulate files and cause a
denial-of-service condition, or execute code both on the manipulated
installation as well as devices configured using the manipulated installation.
Philips Advisory
This advisory
describes two vulnerabilities in the Philips IntelliSpace
Cardiovascular (ISCV)/Xcelera server products. Philips identified the problem
due to a customer complaint. Philips has produced a workaround pending publication
of an updated version.
The two reported vulnerabilities are:
• Improper privilege management - CVE-2018-14787; and
• Unquoted search path or element - CVE-2018-14789
ICS-CERT reports that a relatively low-skilled attacker with
local access and user privileges to the ISCV/Xcelera server could exploit the
vulnerabilities to escalate privileges on the ISCV/Xcelera server and execute
arbitrary code.