This week we have vendor disclosures from Siemens, Schneider
(4) and Red Lion as well as advisory updates from Siemens (2) and Schneider. We
also have security researcher reports for products from Advantech (2) and
Schneider. And finally, we have an exploit published for products from Omron.
Siemens Advisory
Siemens published an
advisory describing 53 vulnerabilities in their SPPA-T3000 servers.
Vulnerabilities were reported by Gleb Gritsai, Eugenie Potseluevskaya, Sergey
Andreev, and Radu Motspan from Kaspersky Lab; Vyacheslav Moskvin and Ivan B
from Positive Technologies; and Can Demirel from Biznet Bilisim. Siemens has a
new service pack for one of the affected servers that addresses a very limited
number (3) of the applicable vulnerabilities. There is no indication that any
of the researchers have been provided an opportunity to verify the efficacy of
the fix.
NOTE 1: This is the advisory discussed in the TWITTER® thread I
mentioned earlier this week.
NOTE 2: The first vulnerability reported in the advisory (CVE-2018-4832)
was previously reported in other Siemens products. Siemens has not yet
provided updates for all of those affected products and this is not one of
the vulnerabilities remediated in this advisory.
Siemens Updates
Siemens published an update
for an advisory that was originally
published on November 12th, 2019. The new information includes:
• Added SIMATIC S7-200 SMART to the
list of affected devices; and
• SIPLUS devices now explicitly
mentioned in the list of affected products
NOTE: NCCIC-ICS did publish an update for their advisory on this
vulnerability on Tuesday, but somehow I overlooked it in my blog post.
Siemens published an update
for an advisory that was originally
published on July 9th, 2019. The new information includes:
• Updates for SIMATIC IPC2X7E,
SIMATIC IPC327E, SIMATIC IPC377E; and
• SIPLUS devices now explicitly
mentioned in the list of affected products
Schneider Advisories
Schneider published an
advisory describing three improper check for unusual or exception condition
vulnerabilities in their Modicon Controllers. The vulnerabilities were reported
by Younes Dragoni (Nozomi Networks), Chansim Deng, Mengmeng Young and Gideon
Guo. Schneider has new firmware versions that mitigate the vulnerabilities.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
Schneider published an
advisory describing an improper authorization vulnerability in their EcoStruxure™
Control Expert. The vulnerability was reported by Rongkuan Ma, Xin Che and Peng
Cheng (Zhejiang University). Schneider has a new version that mitigates the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
Schneider published an
advisory describing a stack-based buffer overflow vulnerability in their Power
SCADA Operation product. The vulnerability is self-reported. Schneider has a
new version that mitigates the vulnerability.
Schneider published an
advisory describing a permissions, privileges and access control
vulnerability in their EcoStruxure Geo SCADA Expert (ClearSCADA). The vulnerability
was reported by William Knowles (Lancaster University). Schneider has a new
version that mitigates the vulnerability. There is no indication that Knowles
has been provided an opportunity to verify the efficacy of the fix.
NOTE: Earlier this week there had been a fifth advisory
listed on the Schneider security
notifications site for their Saitel DP (866e) and Saitel DR (HUe) products,
but that advisory has since been removed from the list.
Red Lion Advisory
Red Lion published an
advisory describing the URGENT/11
vulnerabilities in their NT24k Switch Series. The vulnerabilities are self-reported.
Red Lion has a firmware upgrade that implements the Wind River patch.
Advantech Researcher Reports
Mat Powell from the Zero Day Initiative published a report
of a zero-day stack-based buffer overflow vulnerability in the Advantech Web
Access product. The vulnerability has been coordinated through NCCIC-ICS.
Advantech apparently reported that the vulnerability is in a third-party
component but has not shared with NCCIC-ICS who that third party is. I do not
know why NCCIC-ICS has not yet released an advisory on this vulnerability.
Tenable published a report [corrected bad link - 22:10 EDT 3-26-20] describing a stack-based buffer overflow vulnerability in the Advantech
Web Access product. Advantech has a new version that Tenable has confirmed
mitigates the vulnerability. The Tenable report includes exploit code.
NOTE: The two reports both describe stack-based buffer
overflows, but in different components of the product (BwOpcBs.exe in the ZDI
report; BwPAlarm.dll in the Tenable report).
Schneider Researcher Report
Applied Risk published a report describing an
insecure file permissions vulnerability in the Schneider ClearSCADA product.
This is probably the same vulnerability as described in the Schneider EcoStruxure
advisory above as William Knowles is associated with both reports.
Omron Exploit
NOBODY published an exploit for an
unrestricted externally accessible lock vulnerability in the Omron CJ2M PLC.
This appears to be the same vulnerability that was
reported this week.