Yesterday the DHS ICS-CERT published four control system
security advisories for products from ABB and Schneider (3). They also published
one medical device security advisory for products from Qualcomm Life.
The ABB vulnerability was previously discussed here
two weeks ago. Two of the Schneider vulnerabilities were discussed here
last weekend.
ABB Advisory
This advisory
describes an improper authentication vulnerability in the ABB eSOMS electronic
shift operations management system. The vulnerability is self-reported (the ABB
security advisory
notes that they “received information about this vulnerability through
responsible disclosure” but did not name the researcher). ABB will publish a
new version on September 28th that will mitigate the vulnerability.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to gain access to the application
without authentication.
Note: The ICS-CERT link to the ABB security advisory does
not work; use the link above.
PowerLogic Advisory
This advisory
describes a cross-site scripting vulnerability in the Schneider PowerLogic
PM5560 power management system. The vulnerability was reported by Ezequiel
Fernandez and Bertin Jose. Schneider has a new version that mitigates the
vulnerability. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to manipulate user input,
allowing for remote code execution.
Modicon 221 Advisory (1)
This advisory
describes an improper check for unusual or exceptional conditions vulnerability
in the Schneider Modicon 221 PLCs. The vulnerability was reported by Yehonatan Kfir
of Radiflow. A new firmware version mitigates the vulnerability. There is no indication
that Kfir has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that an uncharacterized attacker could
remotely exploit this vulnerability to reboot the device.
Modicon 221 Advisory (2)
This advisory
describes three vulnerabilities in the Schneider Modicon 221 PLCs. The
vulnerabilities were reported by Irfan Ahmed, Hyunguk Yoo, Sushma Kalle, and
Nehal Ameen of the University of New Orleans. A new firmware version mitigates
the vulnerabilities. There is no indication that researchers have been provided
an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Information management errors - CVE-2018-7790; and
• Permissions, privileges and access controls (2) - CVE-2018-7791 and CVE-2018-7792
ICS-CERT reports that an uncharacterized attacker could
remotely exploit the vulnerabilities to replay authentication sequences,
overwrite passwords, or decode passwords.
Qualcomm Advisory
This advisory
describes a code weakness vulnerability in the Qualcomm Life Capsule Datacaptor
Terminal Server (DTS). The vulnerability was reported by Elad Luz of CyberMDX. A
new firmware update mitigates the vulnerability in one of the affected products
and workarounds have been identified for the remaining products. There is no
indication that Luz has been provided an opportunity to verify the efficacy of
the fix.
ICS-CERT reports that a relatively low-skilled attacker could
remotely exploit the vulnerability to
execute unauthorized code to obtain administrator-level privileges on the
device.