Saturday, October 12, 2019

Public ICS Disclosures – Week of 09-05-19


This week we have URGENT/11 updates from three ICS vendors; seven new vendor disclosures from Siemens, Schneider (4), Beckhoff (2) and Drager; six updates of previously issued advisories from Siemens (2), Schneider (3) and Yokogawa, and one exploit of a previously reported vulnerability for products from SMA Solar Technology.

URGENT/11 Updates



Siemens Advisory


Siemens published an advisory describing twelve vulnerabilities in the Siemens SIMATIC WinAC RTX (F) 2010. These vulnerabilities are known as Spectre, Meltdown, Spectre-NG, Foreshadow, L1 Terminal Fault (L1TF), ZombieLoad, and Microarchitectural Data Sampling (MDS). These vulnerabilities were reported by various researchers. Siemens has an update that mitigates the vulnerabilities.

Schneider Advisories


Modicon Controllers Advisory #1

Schneider published an advisory describing a file and directory information disclosure vulnerability in the Schneider Modicon brand of programmable logic controllers. The vulnerability was reported by Jared Rittle (Cisco Talos); the report includes proof-of-concept (POC) code. Schneider provides generic workarounds to mitigate the vulnerability.

Modicon Controllers Advisory #2

Schneider published an advisory describing six vulnerabilities in the Schneider Modicon brand of programmable logic controllers. The vulnerabilities were reported by Jared Rittle and Patrick DeSantis (Cisco Talos); the CVE links below are to the individual reports, which contain POC code. Schneider provides generic workarounds to mitigate the vulnerabilities.

The six reported vulnerabilities are:

• Uncaught exception (5) - CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844 and CVE-2019-6847; and
• Clear-text transmission of sensitive information - CVE-2019-6846

Modicon Controllers Advisory #3

Schneider published an advisory describing a clear-text transmission of sensitive information vulnerability in the Schneider Modicon brand of programmable logic controllers. The vulnerability was reported by Jared Rittle (Cisco Talos). Schneider provides generic workarounds to mitigate the vulnerability.

Modicon Controllers Advisory #4

Schneider published an advisory describing three vulnerabilities in the Schneider Modicon brand of programmable logic controllers. The vulnerabilities were reported by Jared Rittle (Cisco Talos); the CVE links below are to the individual reports, which contain POC code. Schneider provides generic workarounds to mitigate the vulnerabilities.

The three reported vulnerabilities are:

• Uncaught exception vulnerability - CVE-2019-6848; and
• Information exposure (2) - CVE-2019-6849 and CVE-2019-6850

Beckhoff Advisories


TwinCAT Advisory

VDE-CERT published an advisory describing a divide by zero vulnerability in the Beckhoff TwinCAT real-time controller. The vulnerability was reported by Andreas Galauner from Rapid7. The Beckhoff advisory on this vulnerability reports that they are working on an update to mitigate the vulnerability.

CE Remote Display Advisory

Beckhoff published an advisory describing an incorrect login response vulnerability in the Beckhoff CE Remote Display. The vulnerability was reported by Chen Jie from NSFOCUS and Tijl Deneut from University Howest. Beckhoff has updates that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Drager Advisory


Drager has published an advisory describing three vulnerabilities in the Drager Infinity® M300 patient monitor. Drager is self-reporting the vulnerabilities. Drager will be releasing a new version to mitigate the vulnerabilities in March 2020.

The three reported vulnerabilities are:

• Network DDOS attack;
• Repeated DDOS attacks; and
• Information exposure

Siemens Updates


Industrial Products Update

Siemens published an update for an advisory that was originally published in May of 2017 and most recently updated on February 14th, 2019. The new information includes:

• Merged WinAC RTX 2010 SP2 and WinAC RTX F 2010 SP2 to SIMATIC WinAC RTX (F) 2010; and
• Added mitigation information for SIMATIC WinAC RTX (F) 2010

NOTE: I expect NCCIC-ICS to update their advisory this week.

SIMATIC S7 Update

Siemens published an update for an advisory that was originally reported in November 2018 and most recently updated on August 13th, 2019. The new information includes:

• Added CVE-2019-1125, CVE-2019-15666 and CVE-2019-15903; and
• Removed CVE-2018-19591 from the list of fixed vulnerabilities

NOTE: NCCIC-ICS has not addressed these Linux vulnerabilities.

Schneider Updates


Floating License Manager Update

Schneider published an update for an advisory that was originally published in May 2019 and most recently updated on September 10th, 2019. The new information is updated remediations for EcoStruxure Power Monitoring Expert.

NOTE: NCCIC-ICS may update their advisory, but they did not update for the last Schneider update.

SoMachine Update

Schneider published an update for an advisory that was originally published on August 13th, 2019. The new information is adding SoMove FDT to the list of affected products.

NOTE: NCCIC-ICS did not address this vulnerability.

Embedded Web Server Update

Schneider published an update for an advisory that was originally published in November 2018 and most recently updated on June 11th, 2019. The new information includes mitigation information for the M340 controller.

NOTE: NCCIC-ICS did not address these vulnerabilities.

Yokogawa Update


Yokogawa published an update for an advisory that was originally published on September 27th, 2019. The new information includes updated affected version data and mitigation measures for Exaquantum.

NOTE: NCCIC-ICS will probably update their advisory this week.

SMA Exploit


Borja Merino published an exploit for a cross-site forgery vulnerability in the SMA Sunny WebBox. An advisory for the vulnerability was published on October 8th, 2019.
