Today the DHS NCCIC-ICS published seven control system security advisories for products from Siemens and six updates for products from Siemens (5) and Interpeak.
EN100 Ethernet Module Advisory
This advisory describes three vulnerabilities in the Siemens EN100 Ethernet Module. The vulnerabilities are self-reported. Siemens has a new version that mitigates the vulnerability.
The three reported vulnerabilities are:
• Improper restriction of operations within the bounds of a memory buffer - CVE-2019-13942;
• Cross-site scripting - CVE-2019-13943; and
• Relative path traversal - CVE-2019-13944
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow an attacker to execute remote code, cause a denial-of-service condition, and obtain sensitive information about the device.
SIMATIC S7-1200 Advisory
This advisory describes two vulnerabilities in the Siemens SIMATIC S7-1200 and S7-1500 CPU families. The vulnerabilities were reported by Eli Biham, Sara Bitan, Aviad Carmel, and Alon Dankner from the Faculty of Computer Science, Technion Haifa; Uriel Malin and Avishai Wool from the School of Electrical Engineering, Tel-Aviv University; and Artem Zinenko from Kaspersky. Siemens has updates that mitigate the vulnerabilities. There is no indication that any of the researchers have been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Use of a broken or risky cryptographic algorithm - CVE-2019-10929; and
• Missing support for integrity check - CVE-2019-10943
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU.
NOTE: Siemens originally published their advisory for these vulnerabilities back in August, but NCCIC-ICS never reported on it. Siemens published an update for their advisory today.
XHQ Operations Intelligence Advisory
This advisory describes three vulnerabilities in the Siemens XHQ Operations Intelligence. The vulnerabilities are self-reported. Siemens has a new version that mitigates the vulnerabilities.
The three reported vulnerabilities are:
• Cross-site request forgery - CVE-2019-13930;
• Improper neutralization of script-related HTML tags in a web page - CVE-2019-13931; and
• Improper input validation - CVE-2019-13932
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow an attacker to read or modify contents of the web application.
SIMATIC Products Advisory
This advisory describes a use of broken or risky cryptographic algorithm vulnerability in the Siemens SIMATIC products. The vulnerability was reported to Siemens by Eli Biham, Sara Bitan, Aviad Carmel, and Alon Dankner from the Faculty of Computer Science, Technion Haifa; and Uriel Malin and Avishai Wool from the School of Electrical Engineering, Tel-Aviv University. Siemens has updates for three of the affected products. There is no indication that any of the researchers have been provided an opportunity to verify the efficacy of the fix.
An uncharacterized attacker could remotely exploit this vulnerability to allow an attacker already in a man-in-the-middle position to modify network traffic exchanged on Port 102/TCP. The Siemens advisory notes that the attacker must conduct a man-in-the-middle attack to exploit the vulnerability.
RUGGEDCOM ROS Advisory
This advisory describes two vulnerabilities in the Siemens RUGGEDCOM ROS. The vulnerabilities are self-reported. Siemens has provided generic workarounds to mitigate the vulnerabilities.
The two reported vulnerabilities are:
• Improper restriction of operations within the bounds of a memory buffer - CVE-2018-18440; and
• Resource management errors - CVE-2019-13103
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit these vulnerabilities to allow a denial-of-service condition or arbitrary code execution. The Siemens advisory reports that an attacker must have local access to exploit these vulnerabilities.
SiNVR Advisory
This advisory describes seven vulnerabilities in the Siemens SiNVR 3 video management solution. The vulnerabilities were reported by Raphaël Rigo from Airbus Security Lab. Siemens has provided generic workarounds for the vulnerabilities.
The seven reported vulnerabilities are:
• Cleartext storage of sensitive information in GUI - CVE-2019-13947;
• Improper authentication (2) - CVE-2019-18337 and CVE-2019-18341;
• Relative path traversal - CVE-2019-18338;
• Missing authentication for critical function - CVE-2019-18339;
• Weak cryptography for passwords - CVE-2019-18340; and
• Exposed dangerous method or function - CVE-2019-18342
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow an attacker to read (and reset) passwords of other SiNVR 3 CCS (Central Control Server) users, read the CCS and SiNVR users database including the passwords of all users in obfuscated cleartext, list arbitrary directories or read files outside of the CCS application context, extract device configuration files and passwords from the user database, read data from the EDIR directory, read or delete arbitrary files, or access other resources on the same CCS server.
SCALANCE Advisory
This advisory describes an improper enforcement of message integrity during transmission in a communication channel vulnerability in the Siemens SCALANCE W700 and W1700 wireless communication devices. The vulnerability is self-reported.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to allow an attacker to access confidential data. The Siemens advisory notes that the attacker must be within wireless range of the device to exploit the vulnerability.
SCALANCE Update
This update provides additional information on an advisory that was originally published on May 24th, 2013. The new information includes:
• Added Scalance X-200 switch family;
• Updated CVSS Scores from CVSSv2 to CVSSv3.1; and
• SIPLUS devices now explicitly mentioned in the list of affected products
SIMATIC CP 343-1 Update
This update provides additional information on an advisory that was originally published on November 11th, 2016 and most recently updated on March 21st, 2017. The new information includes SIPLUS devices now explicitly mentioned in the list of affected products.
NOTE: Siemens most recently updated their advisory last month and those corrections about the S7-400 CPUs are not included in the NCCIC-ICS update. Unfortunately none of the versions (except the latest) of the Siemens advisory are listed on the Siemens CERT page and I did not see last month’s update.
SIPROTEC 5 Update
This update provides additional information on an advisory that was originally published on July 9th, 2019 and most recently updated on August 13th, 2019. The new information includes an update for SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules.
SINAMICS Update
This update provides additional information on an advisory that was originally published on August 15th, 2019 and most recently updated on November 11th, 2019. The new information includes updated version information and mitigation links for:
• SINAMICS SM120 V4.7; and
• SINAMICS SM120 V4.8
Industrial Products Update
This update provides additional information on an advisory that was originally published on September 10th, 2019 and most recently updated on November 14th, 2019. The new information includes:
• Added solution for SCALANCE W700; and
• SIPLUS devices now explicitly mentioned in the list of affected products
Interpeak (ICS) Update
This update provides additional information on an advisory that was originally published on October 1st, 2019 and most recently updated on October 10th, 2019. The new information is the addition of links to vendor advisories for:
NOTE: Both advisory links are to updates published today of Siemens advisories that were published earlier; August 2nd, 2019 and September 10th, 2019 respectively.
Additional Siemens Advisories
Siemens published one additional new advisory and two updates today that did not show up on the NCCIC-ICS page. We will probably see the other new advisory covered on Thursday.