Yesterday the DHS NCCIC-ICS published six control system
advisories for products from Leão Consultoria e Desenvolvimento de Sistemas
(LCDS), Rockwell, 3S (2), Fuji Electric and Advantech.
LCDS Advisory
This advisory
describes two vulnerabilities in the LCDS LAquis SCADA software. The vulnerabilities
were reported by Francis Provencher (PRL) via the Zero Day Initiative. LCDS has
an update available that mitigates the vulnerabilities. There is no indication
that Provencher has been provided an opportunity to verify the efficacy of the
fix.
The two reported vulnerabilities are:
• Out-of-bounds read - CVE-2019-10994; and
• Type confusion - CVE-2019-10980
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerabilities to obtain
confidential information or execute remote code.
Rockwell Advisory
This advisory
describes two vulnerabilities in the Rockwell Arena Simulation Software. The
vulnerabilities were reported by kimiya of 9SG Security Team via ZDI. Rockwell
has a new version that mitigates the vulnerabilities. There is no indication that
kimiya has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Use after free - CVE-2019-13510; and
• Information exposure - CVE-2019-13511
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerabilities to cause a current
Arena session to fault or enter a denial-of-service (DoS) state, allowing the
attacker to run arbitrary code.
First CODESYS Advisory
This advisory
describes an insufficiently protected credentials vulnerability in the CmpUserMgr
component of 3S CODESYS products. The vulnerability was reported by JunYoung
Park. 3S will correct this vulnerability in a new version to be released in
February. The 3S
advisory strongly recommends activating and using encryption of online
communication whenever possible.
NCCIC-ICS reports that a relatively low-skilled attacker
with access to PLC traffic could exploit this vulnerability to obtain user
credentials.
NOTE: Is it just me or is this advisory just a seven-month
zero-day announcement?
Second CODESYS Advisory
This advisory
describes two vulnerabilities in the CmpGateway component of the 3S CODESYS
products. These vulnerabilities are self-reported. 3S has a new version that
mitigates the vulnerabilities.
The two reported vulnerabilities are:
• Unverified ownership - CVE-2019-9010; and
• Uncontrolled memory allocation - CVE-2019-9012
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow a remote attacker to close
existing communication channels or to take over an already established user
session to send crafted packets to a PLC.
NOTE 1: There were six other advisories published by 3S at
the same time as the two referenced in these two NCCIC-ICS advisories. I will
address them this weekend.
NOTE 2: A reminder that the CODESYS runtime is used
in a wide variety of devices and systems from many vendors. These vulnerabilities
will have widespread application. Few of those vendors are expected to publish
updates referencing these vulnerabilities.
Fuji Advisory
This advisory
describes an out-of-bounds read vulnerability in the Fuji FRENIC Loader. The vulnerability was reported
by kimiya of 9SG Security Team via ZDI. Fuji has a new version that mitigates
the vulnerability. There is no indication that kimiya has been provided an
opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to disclose
information.
Advantech Advisory
This advisory
describes an out-of-bounds write vulnerability in the Advantech WebAccess HMI
Designer. The vulnerability was reported by Mat Powell via ZDI. Advantech has a
new version that mitigates the vulnerability. There is no indication that Powell
has been provided an opportunity to verify the efficacy of the fix.