Saturday, October 26, 2019

Public ICS Disclosures – Week of 10-19-19


This week we have three vendor disclosures from ABB and two vendor updates from 3S and Yokogawa. There is also an exploit report for previously reported vulnerabilities in products from Moxa.

ABB Advisories


Relion® 670 series

ABB published an advisory describing a path traversal vulnerability in the MMS server included in their Relion 670 series protection and control IEDs. The vulnerability was reported by Kirill Nesterov of Kaspersky Lab. ABB has new versions that mitigate the vulnerability. There is no indication that Nesterov has been provided an opportunity to verify the efficacy of the fix.

Relion® 650 series and Relion® 670 series
ABB published an advisory describing a terminal reboot vulnerability in the SPA protocol over TCP/IP included in their Relion 650 and 670 series protection and control IEDs. The vulnerability was reported by Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin of Positive Technologies and Victor Nikitin of i-Grids. ABB has updates that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Relion® 650 series and Relion® 670 series

ABB published an advisory describing four known OpenSSL vulnerabilities (CVE-2017-3737, CVE-2018-0739, CVE-2018-0737, CVE-2018-0732) in their Relion 650 and 670 series protection and control IEDs. These vulnerabilities are self-reported. ABB has updates that mitigate the vulnerabilities.

3S Update


3S published an update an advisory that was originally published on September 12th, 2019. The new information includes:

Revised affected version numbers;
Added CVE number for vulnerability; and
Revised version number for mitigation

Yokogawa Update


Yokogawa published an update for an advisory that was originally published on September 27th, 2019 and most recently updated on October 11th, 2019. The new information includes a link to the patch for the Exaquantum product.

Moxa Exploit


RANDORISEC published exploit code for two vulnerabilities in the Moxa Moxa EDR-810 Series Secure Routers. One of these vulnerabilities was addressed in an NCCIC-ICS advisory published on October 1st, 2019. The second vulnerability was reported in a Moxa advisory published on October 2nd, 2019.

Posted by at
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */