It has been a very busy week in the ICS disclosure arena. We
have vendor disclosures about the VxWorks vulnerabilities announced earlier
this week, from Siemens, ABB, Schneider and Belden. We also have
vendor disclosures from 3S and an update from Rockwell. Finally, we have a new
Metasploit module for a previously disclosed vulnerability from Schneider.
VxWorks Vulnerability
The Wind River OS vulnerabilities were just reported
this week and we already have three (major) ICS vendors adding their advisories
to the list of vulnerable products:
• ABB, in:
It will be interesting to see if NCCIC-ICS updates their
advisory for each new vendor that adds to the list of covered products.
Unfortunately, I do not expect NCCIC-ICS to provide any information about future
updates (and there will be many as fixes are further applied) to the advisories
published.
3S Advisories
This week, as earlier
noted, 3S published 8 advisories for their CODESYS operating system, two of
which NCCIC-ICS has reported. The remaining six advisories are covered below:
OPC UA Server Advisory
3S published an
advisory describing a null pointer dereference vulnerability in the CODESYS
Control V3 OPC UA Server. The vulnerability is self-reported. 3S has an update
available to mitigate the vulnerability.
Communications Server Advisory
3S published an
advisory describing a detection of error condition without action
vulnerability in CODESYS V3 products containing a CODESYS communication server.
The vulnerability was reported by Martin Hartmann from cirosec GmbH. 3S has a
new version that mitigates the vulnerability. There is no indication that Hartmann
has been provided an opportunity to verify the efficacy of the fix.
Library Manager Advisory
3S published an
advisory describing a cross-site scripting vulnerability in the CODESYS V3
Library Manager. The vulnerability was reported by Heinz Füglister of WRH
Walter Reist Holding AG. 3S has an update that mitigates the vulnerability.
There is no indication that Füglister has been provided an opportunity to
verify the efficacy of the fix.
On-Line User Management Advisory
3S published an
advisory describing an incorrect inherited permissions vulnerability in
the CODESYS Control V3 online user management. The vulnerability was reported
by Martin Hartmann from cirosec GmbH. 3S has updates available that mitigate
the vulnerability. There is no indication that Martin has been provided an
opportunity to verify the efficacy of the fix.
Channel Management Advisory
3S published an
advisory describing an uncontrolled memory allocation vulnerability in CODESYS
Gateway V3 memory management. The vulnerability was reported by Martin Hartmann
from cirosec GmbH. 3S has an update available that mitigates the vulnerability.
There is no indication that Martin has been provided an opportunity to verify
the efficacy of the fix.
Web Server Advisory
3S published an
advisory describing a directory traversal vulnerability in the CODESYS V3
web server. The vulnerability was reported by Ivan Cheyrezy of Schneider
Electric. 3S has an update that mitigates the vulnerability. There is no indication
that Cheyrezy has been provided an opportunity to verify the efficacy of the fix.
Rockwell Update
Rockwell published an update to their advisory on PanelView
5510 Graphic Terminals that was originally
published on July 9th, 2019. The update includes:
• Modified description of the vulnerability;
• Revision of the recommended workarounds; and
Schneider Metasploit
Lucas Dinucci published
a Metasploit module for a previously
disclosed vulnerability in the Schneider Electric Pelco Endura NET55XX
webUI.