This week we have URGENT/11 updates from three ICS vendors;
seven new vendor disclosures from Siemens, Schneider (4), Beckhoff (2) and Drager;
six updates of previously issued advisories from Siemens (2), Schneider (3) and
Yokogawa, and one exploit of a previously reported vulnerability for products
from SMA Solar Technology.
URGENT/11 Updates
Siemens Advisory
Siemens published an
advisory describing twelve vulnerabilities in the Siemens SIMATIC WinAC
RTX (F) 2010. These vulnerabilities are known as Spectre,
Meltdown, Spectre-NG, Foreshadow, L1 Terminal Fault (L1TF), ZombieLoad, and
Microarchitectural Data Sampling (MDS). These vulnerabilities were reported by
various researchers. Siemens has an update that mitigates the vulnerabilities.
Schneider Advisories
Modicon Controllers Advisory #1
Schneider published an
advisory describing a file and directory information disclosure vulnerability
in the Schneider Modicon brand of programmable logic controllers. The
vulnerability was reported
by Jared Rittle (Cisco Talos); the report includes proof-of-concept (POC) code.
Schneider provides generic workarounds to mitigate the vulnerability.
Modicon Controllers Advisory #2
Schneider published an
advisory describing six vulnerabilities in the Schneider Modicon brand of
programmable logic controllers. The vulnerabilities were reported by Jared
Rittle and Patrick DeSantis (Cisco Talos) (the CVE links below are to the
individual reports which contain POC code). Schneider provides generic
workarounds to mitigate the vulnerability.
The six reported vulnerabilities are:
• Uncaught exception (5) - CVE-2019-6841,
CVE-2019-6842,
CVE-2019-6843,
CVE-2019-6844
and CVE-2019-6847;
and
Modicon Controllers Advisory #3
Schneider published an
advisory describing a clear-text transmission of sensitive information
vulnerability in the Schneider Modicon brand of programmable logic controllers.
The vulnerability was reported by Jared Rittle (Cisco Talos). Schneider provides
generic workarounds to mitigate the vulnerability.
Modicon Controllers Advisory #4
Schneider published an
advisory describing three vulnerabilities in the Schneider Modicon brand of
programmable logic controllers. The vulnerabilities were reported by Jared
Rittle (Cisco Talos) (the CVE links below are to the individual reports which
contain POC code). Schneider provides generic workarounds to mitigate the
vulnerability.
The three reported vulnerabilities are:
Beckhoff Advisories
TwinCat Advisory
VDE-CERT published an advisory describing
a divide by zero vulnerability in the Beckhoff TwinCAT real-time controller.
The vulnerability was reported
by Andreas Galauner from Rapid7. The Beckhoff
advisory on this vulnerability reports that they are working on an update
to mitigate the vulnerability.
CE Remote Display Advisory
Beckhoff published an
advisory describing an incorrect login response vulnerability in the
Beckhoff CE Remote Display. The vulnerability was reported by Chen Jie from
NSFOCUS and Tijl Deneut from University Howest. Beckhoff has updates that
mitigate the vulnerability. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
Drager Advisory
Drager has published an
advisory describing three vulnerabilities in the Drager Infinity® M300
patient monitor. Drager is self-reporting the vulnerabilities. Drager will be
releasing a new version to mitigate the vulnerabilities in March 2020.
The three reported vulnerabilities are:
• Network DDOS attack;
• Repeated DDOS attacks; and
• Information exposure
Siemens Updates
Industrial Products Update
Siemens published an update
for an advisory that was originally
published in May of 2017 and most recently
updated on February 14th, 2019. The new information includes:
• Merged WinAC RTX 2010 SP2 and
WinAC RTX F 2010 SP2 to SIMATIC WinAC RTX (F) 2010; and
• Added mitigation information for
SIMATIC WinAC RTX (F) 2010
NOTE: I expect NCCIC-ICS to update their advisory
this week.
SIMATIC S7 Update
Siemens published an update
for an advisory that was originally
reported in November 2018 and most
recently updated on August 13th, 2019. The new information
includes:
• Added CVE-2019-1125,
CVE-2019-15666 and CVE-2019-15903; and
• Removed CVE2018-19591 from the
list of fixed vulnerabilities
NOTE: NCCIC-ICS has not addressed these Linux
vulnerabilities.
Schneider Updates
Floating License Manager Update
Schneider published an
update for an advisory that was originally
published in May 2019 and most recently updated on September 10th,
2019. The new information is updated remediations for EcoStruxure Power
Monitoring Expert.
NOTE: NCCIC-ICS may update their advisory, but
they did not update for the last Schneider update.
SoMachine Update
Schneider published an
update for an advisory that was originally
published on August 13th, 2019. The new information is adding SoMove
FDT to the list of affected products.
NOTE: NCCIC-ICS did not address this vulnerability.
Embedded Web Server Update
Schneider published an
update for an advisory that was originally
published in November 2018 and most
recently updated on June 11th, 2019. The new information
includes mitigation information for the M340 controller.
NOTE: NCCIC-ICS did not
address these vulnerabilities.
Yokogawa Update
Yokogawa published an update for an advisory that was originally
published on September 27th, 2019. The new information includes
updated affected version data and mitigation measures for Exaquantum.
NOTE: NCCIC-ICS will probably update their advisory this
week.
SMA Exploit
Borja Merino published an exploit for a
cross-site forgery vulnerability in the SMA Sunny WebBox. An advisory for the vulnerability
was
published on October 8th, 2019.
Posts
No comments:
Post a Comment