Saturday, October 19, 2019

Public ICS Disclosures – Week of 10-12-19


This week we have four vendor disclosures for products from Phoenix Contact, ABB, Gemalto and Eaton. We also have an updated disclosure from Schneider and a report of a cyberattack from Pilz.

Phoenix Contact Advisory


Phoenix Contact published an advisory [.PDF download link] for an out-of-bounds read vulnerability in their Automationworx Suite. The vulnerability was reported by the 9sg Security Team via the Zero Day Initiative. Phoenix Contact has provided generic workarounds pending publication of a new version.

NOTE: The vulnerability was reportedly coordinated through NCCIC-ICS so an advisory from them should be forthcoming.

ABB Advisory


ABB published an advisory describing an improper authentication vulnerability in their UnoDM. The vulnerability was reported by Maxim Rupp. ABB has updates that mitigate the vulnerability. There is no indication that Maxim has been provided an opportunity to verify the efficacy of the fix.

Gemalto Advisory


Gemalto announced that they have published an advisory (customer registration required for access) for a vulnerability in their Sentinel LDK License Manager when installed as a service.

NOTE: I suspect that owners of systems from other vendors that use the LDK License Manager will have to wait for notification from those vendors before they will be able to learn about this vulnerability and fixes available for it.

Eaton Advisory


Eaton published an advisory describing an undisclosed vulnerability in their CGLine+ when connected to CGVision. The vulnerability is self-reported. Eaton has a new version that mitigates the vulnerability.

Schneider Update


Schneider published an update of their URGENT/11 advisory. The new information includes updated version information and mitigation links for:

SCADAPack 57x RTUs; and
SAGE RTU

Pilz Cyberattack


Pilz is currently reporting that: “Since Sunday, October 13, 2019, all server and PC workstations including the communication network of the automation company have been affected worldwide. The website is currently only partially functional.”

They also note that: “Data sent to us by partners and customers have not been lost or misappropriated by third parties. At the current time, however, we cannot completely exclude this.”

NOTE: Both quotes are Google Translations from German.
