Saturday, August 3, 2019

Public ICS Disclosures – Week of 07-27-19


It has been a very busy week in the ICS disclosure arena. We have vendor disclosures about the VxWorks vulnerabilities announced earlier this week, with disclosures from Siemens, ABB, Schneider and Belden. We also have vendor disclosures from 3S and an update from Rockwell. Finally, we have a new Metasploit module for a previously disclosed vulnerability from Schneider.

VxWorks Vulnerability


The Wind River OS vulnerabilities were just reported this week and we already have three (major) ICS vendors adding their advisories to the list of vulnerable products:

Siemens (in an out-of-cycle report);
Schneider; and
ABB, in:
AC 800PEC;
Belden

It will be interesting to see if NCCIC-ICS updates their advisory for each new vendor that adds to the list of covered products. Unfortunately, I do not expect NCCIC-ICS to provide any information about future updates (and there will be many as fixes are further applied) to the advisories published.

3S Advisories


This week, as earlier noted, 3S published 8 advisories for their CODESYS operating system, two of which NCCIC-ICS has reported. The remaining six advisories are covered below:

OPC UA Server Advisory

3S published an advisory describing a null pointer dereference vulnerability in the CODESYS Control V3 OPC UA Server. The vulnerability is self-reported. 3S has an update available to mitigate the vulnerability.

Communications Server Advisory

3S published an advisory describing a detection of error condition without action vulnerability in CODESYS V3 products containing a CODESYS communication server. The vulnerability was reported by Martin Hartmann from cirosec GmbH. 3S has a new version that mitigates the vulnerability. There is no indication that Hartmann has been provided an opportunity to verify the efficacy of the fix.

Library Manager Advisory

3S published an advisory describing a cross-site scripting vulnerability in the CODESYS V3 Library Manager. The vulnerability was reported by Heinz Füglister of WRH Walter Reist Holding AG. 3S has an update that mitigates the vulnerability. There is no indication that Füglister has been provided an opportunity to verify the efficacy of the fix.

On-Line User Management Advisory

3S published an advisory describing an incorrect inherited permissions vulnerability in the CODESYS Control V3 online user management. The vulnerability was reported by Martin Hartmann from cirosec GmbH. 3S has updates available that mitigate the vulnerability. There is no indication that Martin has been provided an opportunity to verify the efficacy of the fix.

Channel Management Advisory

3S published an advisory describing an uncontrolled memory allocation vulnerability in CODESYS Gateway V3 memory management. The vulnerability was reported by Martin Hartmann from cirosec GmbH. 3S has an update available that mitigates the vulnerability. There is no indication that Martin has been provided an opportunity to verify the efficacy of the fix.

Web Server Advisory

3S published an advisory describing a directory traversal vulnerability in the CODESYS V3 web server. The vulnerability was reported by Ivan Cheyrezy of Schneider Electric. 3S has an update that mitigates the vulnerability. There is no indication that Cheyrezy has been provided an opportunity to verify the efficacy of the fix.

Rockwell Update


Rockwell published an update to their advisory on PanelView 5510 Graphic Terminals that was originally published on July 9th, 2019. The update includes:

A modified description of the vulnerability;
A revision of the recommended workarounds; and
A link for CVE-2019-10970

Schneider Metasploit


Lucas Dinucci published a Metasploit module for a previously disclosed vulnerability in the Schneider Electric Pelco Endura NET55XX webUI.
