Wednesday, November 14, 2018

8 Advisories and 5 Updates (all Siemens) Published


Yesterday the DHS NCCIC-ICS published eight control system security advisories and updated five previously published advisories; all for products from Siemens.

SIMATIC Panels Advisory


This advisory describes two vulnerabilities in the Siemens SIMATIC HMI and WinCC. The vulnerabilities were reported by Hosni Tounsi from Carthage Red Team. Siemens has newer versions that mitigate the vulnerability. There is no indication that Tounsi has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Path traversal - CVE-2018-13812; and
Open redirect - CVE-2018-13813

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow download of arbitrary files from the device, or allow URL redirections to untrusted websites.

SIMATIC IT Advisory


This advisory describes an improper authentication vulnerability in the Siemens SIMATIC IT Production Suite. The vulnerability is self-reported. Siemens has updated to mitigate the vulnerability.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to allow an attacker to compromise confidentiality, integrity and availability of the system.

SIMATIC Step 7 Advisory


This advisory describes an unprotected storage of credential in the Siemens SIMATIC STEP 7 (TIA Portal). This vulnerability is self-reported. Siemens has updates available that mitigate the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to allow an attacker to reconstruct passwords.

SIMATIC S7 Advisory


This advisory describes a resource exhaustion vulnerability in the Siemens SIMATIC S7. The vulnerability was reported by Younes Dragoni of Nozomi Networks. Siemens has a new version for the S7-1500 that mitigates the vulnerability. There is no indication that Dragoni was provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to cause a denial-of-service condition that could result in a loss of availability of the affected device.

SCALANCE S Advisory


This advisory describes a cross-site scripting vulnerability in the Siemens SCALANCE S firewalls. The vulnerability was reported by Nelson Berg of Applied Risk. Siemens has a new version that mitigates the vulnerability. There is no indication that Berg has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that an uncharacterized attacker using social engineering could remotely exploit this vulnerability to allow arbitrary script injection (XSS).

SIMATIC WinCC Advisory


This advisory describes a code injection vulnerability in the Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal). The vulnerability is self-reported. Siemens has updates available for all but one of the affected devices.

NCCIC reports that a relatively low-skilled attacker with network access could exploit the vulnerability to perform a HTTP header injection attack.

S7-400 Advisory


This advisory describes two improper input validation vulnerabilities in the Siemens S7-400 CPUs. The vulnerability was reported by CNCERT/CC. Siemens has provided specific workarounds to mitigate the vulnerabilities.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to crash the device being accessed which may require a manual reboot or firmware re-image to bring the system back to normal operation.

IEC 61850 Advisory


This advisory describes an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC. The vulnerability is self-reported. Siemens has updates to mitigate the vulnerability.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to exfiltrate limited data from the system or execute code with operating system user permissions.

Industrial Products Update


This update provides additional information on an advisory that was originally published on May 9th, 2017 and updated on June 15, 2017,on July 25th, 2017, on August 17th, 2017, on October 10th, on November 14th, November 28th, February 27th, 2018, May 3rd, 2018 May 15th, 2018, September 11th, 2018 and most recently on October 9th, 2018. The update provides new affected version and mitigation information for:

• SINAMICS S120;
• PN/PN Coupler;
• SIMATIC ET200 SP;
• SIMATIC S7-400 V; and
• SIMOCODE pro V PROFINET

SCALANCE Update


This update provides additional information on an advisory that was originally published on November 14th, 2017 and updated on December 5th, 2017, December 19th, 2017, January 25th, 2018 and again on April 24th, 2018. The update changed the update information for SCALANCE W-700 (IEEE 802.11n).

PROFINET Update


This update provides additional information on an advisory that was originally published on May 9th, 2017 and updated on June 15, 2017,on July 25th, 2017, on August 17th, 2017, on October 10th, on November 14th,  November 28th, 2017January 18th, 2018, January 25th, 2018, January 27th, 2018, March 6th, 2018 and most recently on May 3rd, 2018. The update provides new affected version and mitigation information for:

• SINAMICS S120;
• SIMATIC ET 200SP (except IM155-6 PN ST); and
• SIMATIC Panels

OpenSSL Update


This update provides additional information on an advisory that was originally published on August 14th, 2018 and updated on September 11th, 2018 and again on October 9th, 2018. The update provides new affected version and mitigation information for:

• SIMATIC HMI WinCC Flexible; and
• SIMATIC IPC DiagMonitor

SIMATIC S7 Update


This update provides additional information on an advisory that was originally published on March 29th, 2018 and updated on April 24th, 2018, and again on June 12th, 2018. The update provides new affected version and migitagion information for:

• SIMATIC BATCH V8.2;
• OpenPCS 7 V8.2; and
• SIMATIC Route Control V8.2

NOTE: I will address the other four updates that Siemens published on Saturday.

No comments:

 
/* Use this with templates/template-twocol.html */