Yesterday the DHS NCCIC-ICS published eight control system
security advisories and updated five previously published advisories, all for
products from Siemens.
SIMATIC Panels Advisory
This advisory
describes two vulnerabilities in the Siemens SIMATIC HMI and WinCC. The
vulnerabilities were reported by Hosni Tounsi from Carthage Red Team. Siemens
has newer versions that mitigate the vulnerabilities. There is no indication that
Tounsi has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Path traversal - CVE-2018-13812; and
• Open redirect - CVE-2018-13813
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to allow download of arbitrary
files from the device, or allow URL redirections to untrusted websites.
SIMATIC IT Advisory
This advisory
describes an improper authentication vulnerability in the Siemens SIMATIC IT
Production Suite. The vulnerability is self-reported. Siemens has updates that
mitigate the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to compromise
confidentiality, integrity and availability of the system.
SIMATIC Step 7 Advisory
This advisory
describes an unprotected storage of credentials vulnerability in the Siemens
SIMATIC STEP 7 (TIA Portal). This vulnerability is self-reported. Siemens has
updates available that mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to
reconstruct passwords.
SIMATIC S7 Advisory
This advisory
describes a resource exhaustion vulnerability in the Siemens SIMATIC S7. The
vulnerability was reported by Younes Dragoni of Nozomi Networks. Siemens has a
new version for the S7-1500 that mitigates the vulnerability. There is no indication
that Dragoni was provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause a denial-of-service condition
that could result in a loss of availability of the affected device.
SCALANCE S Advisory
This advisory
describes a cross-site scripting vulnerability in the Siemens SCALANCE S
firewalls. The vulnerability was reported by Nelson Berg of Applied Risk.
Siemens has a new version that mitigates the vulnerability. There is no
indication that Berg has been provided an opportunity to verify the efficacy of
the fix.
NCCIC-ICS reports that an uncharacterized attacker using
social engineering could remotely exploit this vulnerability to allow arbitrary
script injection (XSS).
SIMATIC WinCC Advisory
This advisory
describes a code injection vulnerability in the Siemens SIMATIC Panels and
SIMATIC WinCC (TIA Portal). The vulnerability is self-reported. Siemens has
updates available for all but one of the affected devices.
NCCIC reports that a relatively low-skilled attacker with
network access could exploit the vulnerability to perform an HTTP header
injection attack.
S7-400 Advisory
This advisory
describes two improper input validation vulnerabilities in the Siemens S7-400
CPUs. The vulnerabilities were reported by CNCERT/CC. Siemens has provided specific
workarounds to mitigate the vulnerabilities.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to crash the device being accessed,
which may require a manual reboot or firmware re-image to bring the system back
to normal operation.
IEC 61850 Advisory
This advisory
describes an improper access control vulnerability in the Siemens IEC 61850
system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and
SICAM SCC. The vulnerability is self-reported. Siemens has updates to mitigate
the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to exfiltrate limited data from the system
or execute code with operating system user permissions.
Industrial Products Update
This update
provides additional information on an advisory that was originally
published on May 9th, 2017 and updated on
June 15, 2017, on July 25th, 2017, on August 17th, 2017, on October 10th,
on November 14th, November 28th, February 27th, 2018, May 3rd, 2018,
May 15th, 2018, September 11th, 2018 and most recently on October 9th, 2018.
The update provides new affected version and
mitigation information for:
• SINAMICS S120;
• PN/PN Coupler;
• SIMATIC ET200 SP;
• SIMATIC S7-400 V; and
• SIMOCODE pro V PROFINET
SCALANCE Update
This update
provides additional information on an advisory that was originally
published on November 14th, 2017 and updated on December
5th, 2017, December
19th, 2017, January
25th, 2018 and again on April
24th, 2018. The update changed the update information for
SCALANCE W-700 (IEEE 802.11n).
PROFINET Update
This update
provides additional information on an advisory that was originally
published on May 9th, 2017 and updated on
June 15, 2017, on July 25th, 2017, on August 17th, 2017, on October 10th,
on November 14th, November 28th, 2017, January 18th, 2018, January 25th, 2018,
January 27th, 2018, March 6th, 2018 and most recently on May 3rd, 2018.
The update provides new affected version and
mitigation information for:
• SINAMICS S120;
• SIMATIC ET 200SP (except IM155-6 PN ST); and
• SIMATIC Panels
OpenSSL Update
This update
provides additional information on an advisory that was originally
published on August 14th, 2018 and updated on September
11th, 2018 and again on October
9th, 2018. The update provides new affected version and mitigation
information for:
• SIMATIC HMI WinCC Flexible; and
• SIMATIC IPC DiagMonitor
SIMATIC S7 Update
This update provides
additional information on an advisory that was originally
published on March 29th, 2018 and updated on April
24th, 2018, and again on June
12th, 2018. The update provides new affected version and
mitigation information for:
• SIMATIC BATCH V8.2;
• OpenPCS 7 V8.2; and
• SIMATIC Route Control V8.2
NOTE: I will address the other four updates that Siemens
published on Saturday.