On Tuesday the DHS NCCIC-ICS published nine control system
security advisories for products from Siemens (8) and Omron, and updated four previously
published advisories for Siemens (3) and WIBU-Key.
SIMATIC Panels Advisory
This advisory
describes three vulnerabilities in the Siemens SIMATIC WinCC Runtime Advanced,
WinCC Runtime Professional, WinCC (TIA Portal); HMI Panels. The vulnerabilities
are self-reported. Siemens has updates available for many of the affected
products.
The three reported vulnerabilities are:
• Use of hard-coded credentials - CVE-2019-6572;
• Insufficiently protected credentials - CVE-2019-6576; and
• Cross-site scripting - CVE-2019-6577
NCCIC-ICS reports that a relatively low-skilled attacker
with network access to the device could remotely exploit these vulnerabilities
to read/write variables via SNMP.
NOTE: The NCCIC-ICS advisory references the incorrect
Siemens advisory; it should have been SSA-804486.
The incorrect advisory listed is for a different vulnerability in a similar
list of products.
SIMATIC PCS7 Advisory
This advisory
describes three vulnerabilities in the Siemens SIMATIC PCS 7, WinCC Runtime
Professional, WinCC (TIA Portal) products. The vulnerabilities were reported by
Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab, CNCERT/CC, and
ChengBin Wang from Guoli Security Technology. Siemens has an update for one of
the affected products and has provided generic workarounds for the remainder
pending mitigation development. There is no indication that any of the
researchers have been provided an opportunity to verify the efficacy of the
fix.
The three reported vulnerabilities are:
• SQL injection - CVE-2019-10916;
• Uncaught exception - CVE-2019-10917; and
• Exposed dangerous method or function - CVE-2019-10918
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow an attacker to execute
arbitrary commands on the affected system.
SCALANCE Advisory
This advisory
describes five vulnerabilities in the Siemens SCALANCE W1750D. The
vulnerabilities are self-reported. Siemens has a new version that mitigates the
vulnerabilities.
The five reported vulnerabilities are:
• Command injection (2) - CVE-2018-7084 and CVE-2018-7082;
• Information exposure (2) - CVE-2018-7083 and CVE-2018-16417; and
• Cross-site scripting - CVE-2018-7064
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to allow an attacker to execute
arbitrary commands within the underlying operating system, discover sensitive
information, take administrative actions on the device, or expose session
cookies for an administrative session.
Perfect Harmony Advisory
This advisory
describes an improper input validation vulnerability in the Siemens SINAMICS PERFECT
HARMONY GH180 medium voltage converter. The vulnerability is self-reported.
Siemens has an upgrade available to mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause a denial-of-service condition.
NXG I and II Advisory
This advisory
describes an uncontrolled resource consumption vulnerability in the Siemens SINAMICS
PERFECT HARMONY GH180 Drives with NXG I and NXG II controls. The vulnerability
is self-reported. Siemens has an upgrade available to mitigate the
vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
with access to the Ethernet Modbus Interface could exploit the vulnerability to
cause a denial-of-service condition by exceeding the number of available
connections.
LOGO!8 Advisory
This advisory
describes three vulnerabilities in the Siemens LOGO!8 BM programmable logic
controller. The vulnerabilities were reported by Manuel Stotz and Matthias Deeg
from SySS GmbH. Siemens has provided generic mitigation measures for the
vulnerabilities. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Missing authentication for critical function - CVE-2019-10919;
• Improper handling of extra values - CVE-2019-10920; and
• Plain-text storage of a password - CVE-2019-10921
NCCIC-ICS reports that a relatively low-skilled attacker
with access to port 10005/tcp could remotely exploit the vulnerabilities to allow
device reconfiguration, access to project files, decryption of files, and
access to passwords.
SIMATIC WinCC Advisory
This advisory
describes a missing authentication for critical function vulnerability in the
Siemens SIMATIC WinCC and SIMATIC PCS 7 products. The vulnerability was
reported by Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab. Siemens
has newer versions that, along with enabling ‘encrypted communications’,
mitigate the vulnerability. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to allow an unauthenticated attacker
with access to the affected devices to execute arbitrary code.
Omron Advisory
This advisory
describes an untrusted search path vulnerability in the Omron Network
Configurator for DeviceNet. The vulnerability was anonymously reported by n0b0dy.
Omron is working on an update to mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to allow an
attacker to achieve arbitrary code execution under the privileges of the
application.
Industrial Products with OPC Update
This update
provides additional information on an advisory that was originally published on
April 9th, 2019. The new information includes:
• Clarifying product names for SIMATIC HMI Products;
• Adding solution for SIMATIC S7-1500 CPU family; and
• Modifying affected versions for SIMATIC Net PC Software
SIMATIC Update
This update
provides additional information on an advisory that was originally published on
April 9th, 2019. The new information from Siemens included:
• Specification for SINAMICS products;
• Adding solution for SIMATIC S7-1500 CPU family; and
• Adding solution for SIMATIC S7-PLCSIM Advanced
NCCIC-ICS also added a number of affected products that were
missing from their original advisory.
WIBU Key Update
This update
provides additional information on an advisory that was originally
published on February 12th, 2019 and updated on March
12th, 2019 and again on April 9th, 2019. The new
information includes:
• Adding new affected products from Siemens.
S7-400 Update
This update
provides additional information on an advisory that was originally
published on November 13th, 2018. The new information includes:
• Adding the names of the researchers who reported the vulnerabilities; and
• Adding solution for S7-400H V6.