4 Advisories and 6 Updates Published – 10-08-19

Yesterday the DHS NCCIC-ICS published four control system security advisories for products from Siemens (2), GE and SMA Solar Technology. They also updated a medical device advisory for products from BD and five control system advisories for products from Siemens.

SIMATIC Advisory #1

This advisory describes a use of hard-coded cryptographic key vulnerability in the Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM). This vulnerability is self-reported. Siemens has a new version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker to gain read and write access to the related TeamCenter station. The Siemens advisory notes that the remote attacker would have to be authenticated and have network access to network access to port 1434/tcp of SIMATIC IT UADM to exploit the vulnerability.

SIMATIC Advisory #2

This advisory describes an uncontrolled resource consumption vulnerability in the Siemens SIMATIC WinAC RTX (F) 2010. The vulnerability was reported by Tal Keren from Claroty. Siemens has provided generic workarounds to mitigate the vulnerability. There is no indication that Keren was provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker to perform a denial-of-service attack that could compromise the availability of the service provided by the software.

GE Advisory

This advisory describes two vulnerabilities in the GE Mark VIe Controller. The vulnerabilities were reported by Sharon Brizinov of Claroty. GE provides generic workarounds to mitigate the vulnerability. There is no indication that Brizinov has been proved an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Improper authorization - CVE-2019-13554; and

• Use of hard-coded credentials - CVE-2019-13918

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to allow an attacker to create read/write/execute commands within the Mark VIe control system.

SMA Advisory

This advisory describes a cross-site request forgery vulnerability in the SMA Sunny WebBox. The vulnerability was reported by Borja Merino and Eduardo Villaverde of the Technical Inspection Laboratory of the Mining School (University of León). SMA provides generic workarounds for this end-of-life product. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors.

BD Update

This update provides additional information on an advisory that was originally published on September 5^th, 2019. The updated information includes:

• Revised affected versions for Pyxis ES Versions; and

• New mitigation measures for all products

Industrial Product Update #1

This update provides additional information on an advisory that was originally published on September 10^th, 2019. The new information includes revised affected versions and mitigation measures for:

• SINUMERIK 840D sl;

• SINUMERIK 828D; and

• SINUMERIK 808D

NOTE: This advisory describes the Siemens response to the Linux TCP SACK PANIC vulnerabilities.

SIMATIC Update #1

This update provides additional information on an advisory that was originally published on March 9^th, 2019 and last updated on July 9^th, 2019. The new information includes:

• Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;

• Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and

• Providing mitigation information for SIMATIC WinAC RTX (F) 2010

SIMATIC Update #2

This update provides additional information on an advisory that was originally published on May 20^th, 2018 and most recently updated on May 14^th, 2019. The new information includes:

• Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;

• Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and

• Providing mitigation information for SIMATIC WinAC RTX (F) 2010

Industrial Products Update #2

This update provides additional information on an advisory that was originally published on December 5^th, 2017 and most recently updated on March 12^th, 2019. The new information includes:

• Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;

• Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and

• Providing mitigation information for SIMATIC WinAC RTX (F) 2010

PROFINET Update

This update provides additional information on an advisory that was originally published on May 9^th, 2017 and most recently updated on February 5^th, 2019. The new information includes:

• Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;

• Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and

• Providing mitigation information for SIMATIC WinAC RTX (F) 2010

Other Siemens Announcements

Yesterday Siemens announced a total of five new security advisories and ten advisory updates. Some will be covered (hopefully) later this week by NCCIC-ICS and the remainder I will discuss Saturday.