Tuesday, November 26, 2019

2 Advisories Published – 11-26-19

Today the CISA NCCIC-ICS published two control system security advisories for products from ABB.

ABB Advisory #1


This advisory describes a path traversal vulnerability in the ABB Relion 670 series. The vulnerability was reported by Kirill Nesterov of Kaspersky Lab. ABB has new versions that mitigate the vulnerability. There is no indication that Nesterov has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to read and delete files on the device.

ABB Advisory #2


This advisory describes an improper input validation vulnerability in the ABB Relion 650 and 670 Series. The vulnerability was reported by Ilya Karpov, Evgeniy Druzhinin, and Victor Nikitin of ScadaX. ABB has new versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to reboot the device, causing a denial of service.

NOTE: I briefly reported on both of these vulnerabilities and a third that was also reported by ABB on the same day back in October. The third advisory dealt with OpenSSL vulnerabilities.
