Wednesday, October 9, 2019

4 Advisories and 6 Updates Published – 10-08-19


Yesterday the DHS NCCIC-ICS published four control system security advisories for products from Siemens (2), GE and SMA Solar Technology. They also updated a medical device advisory for products from BD and five control system advisories for products from Siemens.

SIMATIC Advisory #1


This advisory describes a use of hard-coded cryptographic key vulnerability in the Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM). This vulnerability is self-reported. Siemens has a new version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to gain read and write access to the related TeamCenter station. The Siemens advisory notes that the remote attacker would have to be authenticated and have network access to port 1434/tcp of SIMATIC IT UADM to exploit the vulnerability.

SIMATIC Advisory #2

This advisory describes an uncontrolled resource consumption vulnerability in the Siemens SIMATIC WinAC RTX (F) 2010. The vulnerability was reported by Tal Keren from Claroty. Siemens has provided generic workarounds to mitigate the vulnerability. There is no indication that Keren was provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker to perform a denial-of-service attack that could compromise the availability of the service provided by the software.

GE Advisory

This advisory describes two vulnerabilities in the GE Mark VIe Controller. The vulnerabilities were reported by Sharon Brizinov of Claroty. GE provides generic workarounds to mitigate the vulnerabilities. There is no indication that Brizinov has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

Improper authorization - CVE-2019-13554; and
Use of hard-coded credentials - CVE-2019-13918

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to allow an attacker to create read/write/execute commands within the Mark VIe control system.

SMA Advisory


This advisory describes a cross-site request forgery vulnerability in the SMA Sunny WebBox. The vulnerability was reported by Borja Merino and Eduardo Villaverde of the Technical Inspection Laboratory of the Mining School (University of León). SMA provides generic workarounds for this end-of-life product. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors.

BD Update


This update provides additional information on an advisory that was originally published on September 5th, 2019. The updated information includes:

Revised affected versions for Pyxis ES Versions; and
New mitigation measures for all products

Industrial Product Update #1

This update provides additional information on an advisory that was originally published on September 10th, 2019. The new information includes revised affected versions and mitigation measures for:

SINUMERIK 840D sl;
SINUMERIK 828D; and
SINUMERIK 808D

NOTE: This advisory describes the Siemens response to the Linux TCP SACK PANIC vulnerabilities.

SIMATIC Update #1


This update provides additional information on an advisory that was originally published on March 9th, 2019 and last updated on July 9th, 2019. The new information includes:

Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;
Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and
Providing mitigation information for SIMATIC WinAC RTX (F) 2010

SIMATIC Update #2


This update provides additional information on an advisory that was originally published on May 20th, 2018 and most recently updated on May 14th, 2019. The new information includes:

Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;
Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and
Providing mitigation information for SIMATIC WinAC RTX (F) 2010

Industrial Products Update #2


This update provides additional information on an advisory that was originally published on December 5th, 2017 and most recently updated on March 12th, 2019. The new information includes:

Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;
Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and
Providing mitigation information for SIMATIC WinAC RTX (F) 2010

PROFINET Update


This update provides additional information on an advisory that was originally published on May 9th, 2017 and most recently updated on February 5th, 2019. The new information includes:

Renaming SIMATIC WinAC RTX 2010 to SIMATIC WinAC RTX (F) 2010;
Updating affected version numbers for SIMATIC WinAC RTX (F) 2010; and
Providing mitigation information for SIMATIC WinAC RTX (F) 2010

Other Siemens Announcements


Yesterday Siemens announced a total of five new security advisories and ten advisory updates. Some will be covered (hopefully) later this week by NCCIC-ICS and the remainder I will discuss Saturday.
