Yesterday the DHS NCCIC-ICS published seven control system
security advisories for products from Fuji Electric, Hangzhou Xiongmai
Technology Co, Siemens (4) and GE. They also updated seven previously issued
advisories for products from Siemens.
Fuji Advisory
This advisory describes an uncontrolled search path element vulnerability in the Fuji Electric
Energy Savings Estimator. The vulnerability was reported by Karn Ganeshen. Fuji
has released an update that mitigates the vulnerability. There is no indication
that Ganeshen has been provided an opportunity to verify the efficacy of the
fix.
NCCIC-ICS reports that an uncharacterized attacker with
uncharacterized access could exploit this vulnerability to allow an attacker to
load a malicious DLL and execute code on the affected system with the same
privileges as the application that loaded the malicious DLL.
Hangzhou Advisory
This advisory describes
three vulnerabilities in the Hangzhou XMeye P2P Cloud Server. The
vulnerabilities were reported by Stefan Viehböck of SEC Consult Vulnerability
Lab. Hangzhou has not provided mitigations for these vulnerabilities.
The three reported vulnerabilities are:
• Predictable from observable state - CVE-2018-17917;
• Hidden functionality - CVE-2018-17919; and
• Missing encryption of sensitive data - CVE-2018-17915
NCCIC-ICS reports that a relatively low-skilled attacker
with remote access could use a publicly available exploit to exploit these
vulnerabilities to allow unauthorized access to video feeds with the potential
to modify settings, replace firmware, and/or execute code.
SIMATIC S7-1500 Advisory
This advisory describes an improper input validation vulnerability in the Siemens SIMATIC
S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open
Controller. The vulnerability was reported by Marcin Dudek, Jacek Gajewski,
Kinga Staszkiewicz, Jakub Suchorab, and Joanna Walkiewicz from National Centre
for Nuclear Research Poland. Siemens has updates to mitigate the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to cause a denial-of-service
condition on the network stack.
SIMATIC S7-1200 Advisory
This advisory describes a cross-site request forgery vulnerability in the Siemens SIMATIC
S7-1200 CPU Family Version 4. The vulnerability was reported by Lisa Fournet
and Marl Joos from P3 communications GmbH. Siemens has a firmware update that
mitigates the vulnerability. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to allow a CSRF attack if an unsuspecting
user is tricked into accessing a malicious link.
ROX II Advisory
This advisory describes two improper privilege management vulnerabilities in the Siemens ROX
II. The vulnerabilities were reported by Gerard Harney from NCC Group (reported
in the Siemens advisory, not the NCCIC-ICS advisory). Siemens has a new version that mitigates the vulnerabilities.
There is no indication that Harney has been provided an opportunity to verify
the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow valid users to escalate
their privileges and execute arbitrary commands.
SCALANCE Advisory
This advisory describes a cryptographic issues vulnerability in the Siemens SCALANCE W1750D.
The vulnerability is fully described on the Return of Bleichenbacher's Oracle
Threat (ROBOT) web site. Siemens is
self-reporting the vulnerability. Siemens has a firmware update that mitigates
the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit this vulnerability using publicly available exploits to allow
an attacker to decrypt TLS traffic.
NOTE: I suspect that other ICS devices using TLS services
could face similar TLS ROBOT problems. Too bad NCCIC-ICS has not done an alert
on this issue. Then again, does NCCIC-ICS do alerts?
GE Advisory
This advisory describes an unsafe ActiveX control marked safe for scripting vulnerability in
the GE Gigasoft component of iFIX. The vulnerability was reported by LiMingzheng
of 360 aegis security team. Recent versions of iFIX mitigate the vulnerability.
There is no indication that LiMingzheng has been provided an opportunity to
verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause a buffer overflow condition.
Industrial Products Update
This update provides additional information on an advisory that was
originally published on May 9th, 2017 and updated on June 15, 2017, on
July 25th, 2017, on August 17th, 2017, on October 10th, on November 14th,
November 28th, February 27th, 2018, May 3rd, 2018, May 15th, 2018, and most
recently on September 11th, 2018. The new information includes revised affected
versions data and mitigation measures for SIMATIC S7-1200 CPU.
SIMATIC Update
This update provides additional information on an advisory that was
originally published on March 20th, 2018. The new information includes
revised affected versions data and mitigation measures for SINUMERIK 828D.
SIMATIC PCS7 Update
This update provides additional information on an advisory that was
originally published on November 2nd, 2018 and updated on June 12th, 2018.
The new information includes revised affected versions data and mitigation
measures for:
• OpenPCS 7 V8.1; and
• SIMATIC WinCC Runtime Professional V13
SIMATIC WinCC Update
This update provides additional information on an advisory that was
originally published on April 19th, 2018. The new information includes
revised affected versions data and mitigation measures for WinCC OA Operator
App.
SINAMICS Update
This update provides additional information on an advisory that was
originally published on May 8th, 2018. The new information includes revised
affected versions data and mitigation measures for SINAMICS GM150 V4.7 w.
PROFINET.
SIMATIC Step7 Update
This update provides additional information on an advisory that was
originally published on August 14th, 2018. The new information includes
revised affected versions data and mitigation measures for:
• SIMATIC STEP 7 (TIA Portal); and
• WinCC (TIA Portal) V13
OpenSSL Update
This update provides additional information on an advisory that was
originally published on August 14th, 2018 and updated on September 11th, 2018.
The new information includes revised affected versions data and mitigation
measures for:
• SIMATIC S7-1200 CPU;
• SIMATIC STEP 7 (TIA Portal) V13; and
• SIMATIC WinCC (TIA Portal) V13