Public ICS Disclosures – Week of 10-19-19

This week we have three vendor disclosures from ABB and two vendor updates from 3S and Yokogawa. There is also an exploit report for previously reported vulnerabilities in products from Moxa.

ABB Advisories

Relion® 670 series

ABB published an advisory describing a path traversal vulnerability in the MMS server included in their Relion 670 series protection and control IEDs. The vulnerability was reported by Kirill Nesterov of Kaspersky Lab. ABB has new versions that mitigate the vulnerability. There is no indication that Nesterov has been provided an opportunity to verify the efficacy of the fix.

Relion® 650 series and Relion® 670 series

ABB published an advisory describing a terminal reboot vulnerability in the SPA protocol over TCP/IP included in their Relion 650 and 670 series protection and control IEDs. The vulnerability was reported by Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin of Positive Technologies and Victor Nikitin of i-Grids. ABB has updates that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Relion® 650 series and Relion® 670 series

ABB published an advisory describing four known OpenSSL vulnerabilities (CVE-2017-3737, CVE-2018-0739, CVE-2018-0737, CVE-2018-0732) in their Relion 650 and 670 series protection and control IEDs. These vulnerabilities are self-reported. ABB has updates that mitigate the vulnerabilities.

3S Update

3S published an update an advisory that was originally published on September 12^th, 2019. The new information includes:

• Revised affected version numbers;

• Added CVE number for vulnerability; and

• Revised version number for mitigation

Yokogawa Update

Yokogawa published an update for an advisory that was originally published on September 27^th, 2019 and most recently updated on October 11^th, 2019. The new information includes a link to the patch for the Exaquantum product.

Moxa Exploit

RANDORISEC published exploit code for two vulnerabilities in the Moxa Moxa EDR-810 Series Secure Routers. One of these vulnerabilities was addressed in an NCCIC-ICS advisory published on October 1^st, 2019. The second vulnerability was reported in a Moxa advisory published on October 2^nd, 2019.