This week we have eight vendor notifications from Schneider
(7) and Siemens; updates for four previously published advisories from Schneider
(2) and Siemens (2); as well as two exploit reports for previously published
vulnerabilities in products from Wind River and Cisco.
Schneider Advisories
Magelis Advisory
Schneider published an advisory describing an improper check for unusual or exceptional conditions
vulnerability in their Magelis HMI Panel products. The vulnerability was
reported by VAPT Team. Schneider provides generic workarounds to mitigate the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
Modicon 340 Advisory
Schneider published an advisory describing an improper check for unusual or exceptional conditions
vulnerability in their Modicon M340 controllers. The vulnerability was reported
by VAPT Team. Schneider provides generic workarounds to mitigate the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
Modicon Advisory
Schneider published an advisory describing three improper check for unusual or exceptional
conditions vulnerabilities in their Modicon Ethernet / Serial RTU Modules. The
vulnerabilities were reported by VAPT Team. Schneider provides generic workarounds
to mitigate the vulnerabilities. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
SoMachine Advisory
Schneider published an advisory describing an untrusted search path vulnerability in their SoMachine
HVAC. The vulnerability was reported by Yongjun Liu of the nsfocus security
team. Schneider has a new version that mitigates the vulnerability. There is no
indication that Yongjun has been provided an opportunity to verify the efficacy
of the fix.
TelevisGo Advisory
Schneider published an advisory describing 22 vulnerabilities in the third-party
UltraVNC (remote access) software component embedded within the TelevisGo product. The vulnerabilities
were reported by Kaspersky Labs. Schneider has a hot-fix available that
mitigates the vulnerabilities. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
The 22 reported vulnerabilities are:
• Buffer errors (9) - CVE-2019-8258, CVE-2018-15361, CVE-2019-8262, CVE-2019-8263, CVE-2019-8269, CVE-2019-8271, CVE-2019-8273, CVE-2019-8274, and CVE-2019-8276;
• Resource management errors (2) - CVE-2019-8259 and CVE-2019-8277;
• Out-of-bounds read (8) - CVE-2019-8260, CVE-2019-8261, CVE-2019-8280, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, and CVE-2019-8270;
• Incorrect calculation (2) - CVE-2019-8268 and CVE-2019-8272; and
• Improper access control - CVE-2019-8275.
Software Update Service Advisory
Schneider published an advisory describing a deserialization of untrusted data vulnerability in their
Software Update (SESU) SUT Service. The vulnerability was reported by Amir
Preminger of Claroty. Schneider has a new version that mitigates the vulnerability.
There is no indication that Preminger has been provided an opportunity to
verify the efficacy of the fix.
spaceLYnk Advisory
Schneider published an advisory describing an authentication vulnerability in their
spaceLYnk and Wiser for KNX controllers. The
vulnerability was reported by Sumedt Jitpukdebodin. Schneider has new versions
that mitigate the vulnerability. There is no indication that Jitpukdebodin has
been provided an opportunity to verify the efficacy of the fix.
Schneider Updates
Modicon Controllers Update
• Added mitigation measures for M340;
• Added four new vulnerabilities (links for reports w/exploits from Talos):
SCADAPack Update
Schneider published an update for an advisory that was originally published on May 24th, 2017.
New information includes:
• Updated researcher acknowledgement section;
• Corrected CVE ID from CVE-2017-6028 to CVE-2017-6034; and
• Corrected vulnerability description
Siemens Advisory
Siemens published an advisory describing two vulnerabilities in their SIMATIC S7-1200 and
SIMATIC S7-1500 CPU families. The vulnerabilities were
reported by Eli Biham, Sara Bitan, Aviad Carmel, Alon Dankner, Uriel
Malin, and Avishai Wool. Siemens has generic workarounds that mitigate the
vulnerabilities. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Man-in-the-middle vulnerability - CVE-2019-10929; and
• Code change vulnerability - CVE-2019-10943
Siemens Updates
ZombieLoad Update
• SIMATIC IPCs 427D, 477D, 627D, 627E, 647D, 647E, 677D, 677E, 827D, 847D, 847E; and
• FieldPG M6
GNU/Linux Update
Siemens published an update for an advisory that was originally published on November 27th, 2019.
New information includes:
• Added CVE-2018-19591, CVE-2019-11360, CVE-2019-13272; and
• Moved CVE-2018-16862 from buildtime to runtime relevant
Cisco Exploit
Angelo Ruwantha published a Metasploit module
for a vulnerability in the Cisco Adaptive Security Appliance; Cisco published
an advisory on this vulnerability on June 6th, 2018. NCCIC-ICS published
an advisory for Rockwell Automation Allen-Bradley Stratix 5950 listing this
vulnerability.
WindRiver (Urgent/11) Exploit
Zhou Yu published
an exploit for an integer overflow vulnerability in the Wind River VxWorks (one
of the Urgent/11 vulnerabilities).