Yesterday the DHS NCCIC-ICS published two control system
security advisories for products from WAGO and Delta Industrial Automation, and
one for PLC products from multiple vendors.
PLC Advisory
This advisory
describes an uncontrolled resource consumption vulnerability in specific PLC
products from ABB, Phoenix Contact, Schneider Electric, Siemens, and WAGO. The
vulnerability was reported by Matthias Niedermaier (Hochschule Augsburg),
Jan-Ole Malchow (Freie Universität Berlin), and Florian Fischer (Hochschule
Augsburg). The responses range from a firmware update from Schneider, to ‘it's
not really a vulnerability but here are generic workarounds’, to ‘it's not a
vulnerability’ from Siemens. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fixes.
NCCIC-ICS reports that a relatively low-skilled attacker could
use a publicly available exploit to remotely influence configured cycle times.
NOTE: The Schneider
advisory referenced in this advisory was released
in February and listed a 2018 CVE number for the reported vulnerability. Neither CVE number is currently available.
WAGO Advisory
This advisory
describes a hard-coded credential vulnerability in the WAGO Series 750-88x and
750-87x PLCs. The vulnerability was reported by Jörn Schneeweisz of Recurity
Labs. WAGO has new firmware that mitigates the vulnerability. There is no
indication that Schneeweisz has been provided an opportunity to verify the
efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to change the settings or alter the
programming of the device.
NOTE: I briefly
mentioned this vulnerability last Saturday.
Delta Advisory
This advisory
describes three vulnerabilities in the Delta Industrial Automation CNCSoft screen
editor software. The vulnerabilities were reported by Natnael Samson and an
anonymous researcher via the Zero Day Initiative. Delta has an updated version
that mitigates the vulnerabilities. There is no indication that the researchers
have been provided an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Stack-based buffer overflow - CVE-2019-10947;
• Heap-based buffer overflow - CVE-2019-10951; and
• Out-of-bounds read - CVE-2019-10949
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit these vulnerabilities to cause buffer
overflow conditions that may allow information disclosure or remote code
execution, or crash the application.