Saturday, September 8, 2018

Public ICS Disclosure – Week of 09-01-18

This week we have a vendor vulnerability disclosure (with related exploit) for products from KONE, two medical device exploits (possible 0-day) for products from Softneta, and an ICS communications exploit (possible 0-day) for products from Endress+Hauser.

KONE Advisory and Exploit

KONE published an advisory for their Group Controller (KGC) computer for elevators. The advisory describes four vulnerabilities. The vulnerabilities were reported by Sebastian Neuner who has published proof of concept exploits for the vulnerabilities. KONE has a new software version that mitigates the vulnerabilities. There is no indication that Neuner has been provided an opportunity to verify the efficacy of the fixes.

The four reported vulnerabilities are:

• Unauthenticated remote code execution - CVE-2018-15484;
• Unauthenticated local file inclusion/modification - CVE-2018-15486;
• FTP without authentication and authorization- CVE-2018-15485; and
Denial of service - CVE-2018-15483

KONE reports that successful exploits of these vulnerabilities will not affect the safe operation of the connected elevators but may result in a denial of service.

Softneta Exploits

Carlos Avila published exploits for two vulnerabilities (here and here) for the Softneta MedDream picture archiving and communication system (PACS) server. No CVE has been provided and there are no security advisories on the MedDream web site so these may be 0-day vulnerabilities.

The two vulnerabilities are:

• Directory traversal; and
• SQL injection

Endress+Hauser Exploit

Hamit CİBO published an exploit for a directory traversal vulnerability in the Endress+Hauser WirelessHART Fieldgate SWG70. There is no CVE listed and there are no security advisories on the Endress+Hauser web site so this could be a 0-day vulnerability. It does appear that CİBO previously published a similar exploit in June of this year.

No comments:

/* Use this with templates/template-twocol.html */