Yesterday the DHS NCCIC-ICS published four new control
system security advisories for products from Fr. Sauter, Circontrol, Schneider
Electric, and AVEVA. They also updated a previously published advisory for products
from Rockwell.
Sauter Advisory
This advisory
describes an improper restriction of XML external entity reference in the
Sauter CASE Suite application. The vulnerability was reported by Gjoko Krstic
of Applied Risk. Sauter has an update that mitigates the vulnerability. There
is no indication that Krstic has been provided an opportunity to verify the efficacy
of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to retrieve unauthorized files
from the system.
Circontrol Advisory
This advisory
describes two vulnerabilities in the Circontrol CirCarLife electric vehicle
charging station. The vulnerabilities were reported by Ankit Anubhav of NewSky
Security; M. Can Kurnaz, Senior Consultant at KPMG Netherlands; Alim Solmaz,
Security Consultant at Atos; Michael John, Chief Information Security Officer at
WePower Network; and Gyorgy Miru, Security Researcher at Verint. Circontrol has
a new version that mitigates the vulnerabilities. There is no indication that any
of the researchers has been provided an opportunity to verify the efficacy of
the fix.
The two reported vulnerabilities are:
• Authentication bypass using an alternate path or channel - CVE-2018-17918; and
• Insufficiently protected credentials - CVE-2018-17922
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to retrieve credentials stored
in clear text to bypass authentication, and to see and access
critical information.
Schneider Advisory
This advisory
describes a DLL hijacking vulnerability in the Schneider Software Update (SESU)
installed with a wide variety of Schneider products. The vulnerability was
reported by Haojun Hou of ADLab of Venustech. Schneider has an update that
mitigates the vulnerability. There is no indication that Haojun has been
provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to
execute arbitrary code on the target system.
NOTE: I had previously
discussed this vulnerability last weekend.
AVEVA Advisory
This advisory
describes two vulnerabilities in the AVEVA InduSoft Web Studio and InTouch Edge
HMI. These vulnerabilities were reported by Tenable. AVEVA has new versions
that mitigate the vulnerabilities. There is no indication that Tenable was
provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Stack-based buffer overflow - CVE-2018-17916; and
• Empty password in configuration file - CVE-2018-17914
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow an unauthenticated user to
remotely execute code.
Rockwell Update
This update
provides additional information on an advisory that was originally
published on October 26th, 2017. The update provides new
mitigation information based upon new limitations on the impact of the
vulnerability.
NOTE: This is the KRACK vulnerability advisory for the
Rockwell Stratix 5100 Wireless Access Point/Workgroup Bridge.