This week we have vendor notifications for products from OSIsoft and Schneider
Electric and a researcher report of vulnerabilities in products from Pilz. We
also have two exploit publications for products from Rockwell Automation (one
may be a 0-day).
OSIsoft Vulnerabilities
In their Release Notes for the latest version of PI ProcessBook, OSIsoft reports
that there are three vulnerabilities being corrected by this release. Those
vulnerabilities are related to an included older version of Microsoft’s VBA
6.5. A separate security advisory is being (was?) released to provide further
details on these ‘high impact’ vulnerabilities. If it has been released, then my
limited (non-customer) access to the OSIsoft site does not provide access to
the advisory. The Release Notes do credit the Australian Energy Market Operator
(AEMO) with reporting the vulnerabilities.
Schneider Advisory
This advisory describes three vulnerabilities in the Eurotherm by Schneider
Electric GUIcon product. The vulnerabilities were reported by mdm and rgod (9SG
Security Team). Schneider has a new version that mitigates the vulnerabilities.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fixes.
The three reported vulnerabilities are:
• Type confusion (2) - CVE-2018-7813 and CVE-2018-7815; and
• Stack-based buffer overflow - CVE-2018-7814
Pilz Advisory
Applied Risk has published an advisory for a clear-text storage of sensitive
information vulnerability in the Pilz PNOZmulti Configurator, a safety system
tool. This is a coordinated disclosure. Pilz has a new version that mitigates
the vulnerability.
Rockwell Exploits
Luca.Chiou published an exploit for an
incorrect access control authentication bypass vulnerability in the Rockwell Allen-Bradley
PowerMonitor 1000. A CVE has been reserved for this vulnerability (CVE-2018-19616,
no further information available) which may indicate that Rockwell has been
notified of this vulnerability.
Luca.Chiou published an exploit for a
cross-site scripting vulnerability in the Rockwell Allen-Bradley PowerMonitor
1000. No CVE is provided in the exploit documentation. This may indicate that
this is a 0-day vulnerability.
1 comment:
Hi PJ, clarification on OSIsoft Vulnerabilities section of this post. The release notes describe both SP1 and SP2 fixes because this is a re-release with minor fixes. The vulnerabilities are fixed as of SP1 and were reported to ICS-CERT in ICSA-17-192-05. Sorry for the internet echo. -Bryan