Saturday, August 17, 2019

Public ICS Disclosures – Week of 08-10-19


This week we have eight vendor notifications from Schneider (7) and Siemens; updates for four previously published advisories from Schneider (2) and Siemens (2); as well as two exploit reports for previously published vulnerabilities in products from Wind River and Cisco.

Schneider Advisories


Magelis Advisory

Schneider published an advisory describing an improper check for unusual or exceptional conditions vulnerability in their Magelis HMI Panel products. The vulnerability was reported by VAPT Team. Schneider provides generic workarounds to mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Modicon 340 Advisory

Schneider published an advisory describing an improper check for unusual or exceptional conditions vulnerability in their Modicon M340 controllers. The vulnerability was reported by VAPT Team. Schneider provides generic workarounds to mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Modicon Advisory

Schneider published an advisory describing three improper check for unusual or exceptional conditions vulnerabilities in their Modicon Ethernet / Serial RTU Modules. The vulnerabilities were reported by VAPT Team. Schneider provides generic workarounds to mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

SoMachine Advisory

Schneider published an advisory describing an untrusted search path vulnerability in their SoMachine HVAC. The vulnerability was reported by Yongjun Liu of the nsfocus security team. Schneider has a new version that mitigates the vulnerability. There is no indication that Yongjun has been provided an opportunity to verify the efficacy of the fix.

TelevisGo Advisory

Schneider published an advisory describing 22 vulnerabilities in the third-party UltraVNC (remote access) software component embedded within the TelevisGo product. The vulnerabilities were reported by Kaspersky Labs. Schneider has a hot-fix available that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The 22 reported vulnerabilities are:

Buffer errors (9) - CVE-2019-8258, CVE-2018-15361, CVE-2019-8262, CVE-2019-8263, CVE-2019-8269, CVE-2019-8271, CVE-2019-8273, CVE-2019-8274, and CVE-2019-8276;
Resource management errors (2) - CVE-2019-8259, and CVE-2019-8277;
Out-of-bounds read (8) - CVE-2019-8260, CVE-2019-8261, CVE-2019-8280, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, and CVE-2019-8270;
Incorrect calculation (2) - CVE-2019-8268, CVE-2019-8272; and
Improper access control - CVE-2019-8275.

Software Update Service Advisory

Schneider published an advisory describing a deserialization of trusted data vulnerability in their Software Update (SESU) SUT Service. The vulnerability was reported by Amir Preminger of Claroty. Schneider has a new version that mitigates the vulnerability. There is no indication that Preminger has been provided an opportunity to verify the efficacy of the fix.

spaceLYnk Advisory


Schneider published an advisory describing an authentication vulnerability in their spaceLYnk and Wiser for KNX controllers. The vulnerability was reported by Sumedt Jitpukdebodin. Schneider has new versions that mitigate the vulnerability. There is no indication that Jitpukdebodin has been provided an opportunity to verify the efficacy of the fix.

Schneider Updates


Modicon Controllers Update

Schneider published an update for an advisory that was originally published on May 14th, 2019. New information includes:
Added mitigation measures for M340;
Added four new vulnerabilities (links for reports w/exploits from Talos):
Denial of service vulnerability - CVE-2019-6809;
Denial of service vulnerability - CVE-2019-6828;
Denial of service vulnerability - CVE-2019-6829; and
Denial of service vulnerability - CVE-2019-6830

SCADAPack Update

Schneider published an update for an advisory that was originally published on May 24th, 2017. New information includes:

Updated researcher acknowledgement section;
Corrected CVE ID from CVE-2017-6028 to CVE-2017-6034; and
Corrected vulnerability description

Siemens Advisory


Siemens published an advisory describing two vulnerabilities in their SIMATIC S7-1200 and SIMATIC S7-1500 CPU families. The vulnerabilities were reported by Eli Biham, Sara Bitan, Aviad Carmel, Alon Dankner, Uriel Malin, and Avishai Wool. Siemens has generic workarounds that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

Man-in-the-middle vulnerability - CVE-2019-10929; and
Code change vulnerability - CVE-2019-10943

Siemens Updates


ZombieLoad Update

Siemens published an update for an advisory that was originally published on July 9th, 2019. New information includes:

SIMATIC IPCs 427D, 477D, 627D, 627E, 647D, 647E, 677D, 677E, 827D, 847D, 847E; and
FieldPG M6

GNU/Linux Update

Siemens published an update for an advisory that was originally published on November 27th, 2019. New information includes:

Added CVE-2018-19591, CVE-2019-11360, CVE-2019-13272; and
Moved CVE-2018-16862 from buildtime to runtime relevant

Cisco Exploit


Angelo Ruwantha published a Metasploit module for a vulnerability in the Cisco Adaptive Security Appliance; Cisco published an advisory on this vulnerability on June 6th, 2018. NCCIC-ICS published an advisory for Rockwell Automation Allen-Bradley Stratix 5950 listing this vulnerability.

Wind River (Urgent/11) Exploit


Zhou Yu published an exploit for an integer overflow vulnerability in Wind River VxWorks (one of the Urgent/11 vulnerabilities).
