Saturday, January 12, 2019

ICS Public Disclosures – Week of 01-05-19


This week we have five new vendor disclosures and seven vendor updates, all for products from Siemens.

EN100 Ethernet Advisory


Siemens published an advisory for their EN100 Ethernet communication module for SWT 3000 describing two denial of service vulnerabilities. The vulnerabilities were reported by Victor Nikitin, Vladislav Suchkov, and Ilya Karpov from ScadaX. Siemens has identified a workaround that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

SICAM A8000 Advisory


Siemens published an advisory for their SICAM A8000 RTU series describing a denial of service vulnerability. The vulnerability was reported by Emanuel Duss and Nicolas Heiniger from Compass Security. Siemens has new versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

CP1604 and CP1616 Advisory


Siemens published an advisory for their CP1604 and CP1616 devices describing a denial of service vulnerability. The vulnerability is self-reported. Siemens has new versions that mitigate the vulnerability.

SIMATIC S7-300 Advisory


Siemens published an advisory for their SIMATIC S7-300 CPU describing a denial of service vulnerability. The vulnerability was reported by the Electronic Technology Information Research Institute. Siemens has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

S7-1500 Advisory


Siemens published an advisory for their S7-1500 CPU describing two denial of service vulnerabilities. The vulnerabilities were reported by Georgy Zaytsev, Dmitry Sklyarov, Druzhinin Evgeny, Ilya Karpov, and Maxim Goryachy from Positive Technologies. Siemens has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Siemens Updates


As part of the swath of 12 advisories and updates issued by Siemens this week, there was one update that was not covered by NCCIC-ICS updates. This was for vulnerabilities addressed in ICS-CERT generic alerts. NCCIC-ICS does not update these alerts for new information from the existing vendor list on the alert, because the links on those alerts already take interested parties to this latest information.

SSB-439005: v 1.2 - Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP - Added CVE-2018-19931 and CVE-2018-19932.

There were six additional updates that I suspect NCCIC-ICS could still pick up in the coming week.

SSA-592007: v 1.3 - Denial-of-Service Vulnerability in Industrial Products – NCCIC-ICS published their latest update (ICSA-18-079-02A) on October 9th, 2018 - Added update for SIMATIC S7-300 incl. F and T;
SSA-535640: v 1.3 - Vulnerability in Industrial Products – NCCIC-ICS published their latest update (ICSA-17-243-01B) on November 30th, 2017 - Added fix for SIMATIC NET PC Software;
SSA-348629: v 1.7 - Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software - NCCIC-ICS published their latest update (ICSA-18-088-03E) on December 13th, 2018 - Updated patch links for WinCC 7.2 and 7.4;
SSA-346262: v 2.1 - Denial-of-Service in Industrial Products - NCCIC-ICS published their latest update (ICSA-17-339-01J) on December 12th, 2018 - Updated solution for SIMATIC S7-300;
SSA-293562: v 2.6 - Vulnerabilities in Industrial Products - NCCIC-ICS published their latest update (ICSA-17-129-02N) on December 12th, 2018 - Updated information for CP 1243-1; and
SSA-181018: v 1.3 - Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C - NCCIC-ICS published their original advisory (ICSA-18-165-01) on June 13th, 2018 - Added solution for RUGGEDCOM WiMAX.
