Thursday, January 3, 2019

Three Advisories Published – 01-03-19


Today the DHS NCCIC-ICS proved that they were not currently furloughed (though still not being paid for their service) by publishing three control system security advisories for products from Hetronic, Yokogawa, and Schneider Electric.

Hetronic Advisory


This advisory describes an authentication bypass by capture-replay vulnerability in the Hetronic Nova-M family of remote control transmitters and receivers. The vulnerability was reported by Jonathan Andersson, Philippe Z Lin, Akira Urano, Marco Balduzzi, Federico Maggi, Stephen Hilt, and Rainer Vosseler via the Zero Day Initiative. Hetronic has new firmware versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to allow unauthorized users to view commands, replay commands, control the device, or stop the device from running.

Yokogawa Advisory


This advisory describes a resource management error vulnerability in the Yokogawa Vnet/IP Open Communication Driver. The vulnerability was self-reported. Yokogawa has new versions that mitigate the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to cause Vnet/IP network communications to controlled devices to become unavailable.

NOTE: I briefly discussed this vulnerability almost two weeks ago.

Schneider Advisory


This advisory describes an improper input validation vulnerability in the Schneider Pro-face GP-Pro EX devices. The vulnerability was reported by Yu Quiang of Venustech’s ADLab. Schneider has a new version that mitigates the vulnerability. There is no indication that Yu has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to modify code to launch an arbitrary executable upon launch of the program.

NOTE: I briefly discussed this vulnerability almost two weeks ago.

Commentary


I am really glad to see that NCCIC-ICS is publishing advisories during the Federal Funding Fiasco. The people doing the writing, editing, reviewing and posting of these advisories are currently working without pay though they may (probably will) be paid once the FFF is fixed, but that does not make their day-to-day life outside of the office any easier. Please remember them in your thoughts and prayers, and most importantly in your letters to your congresscritters.

