Wednesday, February 12, 2020

13 Advisories and 5 Updates Published – 2-11-20

Today the CISA NCCIC-ICS published 13 control system security advisories for products from Synergy Systems and Solutions, Digi International and Siemens (11). They also updated five control system security advisories for products from Siemens.

Synergy Systems Advisory


This advisory describes two vulnerabilities in the SSS HUSKY RTU. The vulnerabilities were reported by VAPT Team, C3i Center. SSS has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Improper authentication - CVE-2019-20046; and
• Improper input validation - CVE-2019-20045

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

Digi Advisory


This advisory describes two vulnerabilities in the Digi ConnectPort LTS 32 MEI. The vulnerabilities were reported by Murat Aydemir and Fatih Kayran of Biznet Bilisim. Digi has a new release that mitigates the vulnerabilities. There is no indication that the researchers have been provided with an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Unrestricted upload of file with dangerous type - CVE-2020-6975; and
• Cross-site scripting - CVE-2020-6973

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to limit system availability.

SIPROTEC Advisory


This advisory describes an improper input validation vulnerability in the Siemens SIPROTEC 4 and SIPROTEC Compact. The vulnerability was reported by Tal Keren from Claroty. Siemens has provided generic workarounds to mitigate the vulnerability.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to conduct a denial-of-service attack over the network.

SIMATIC S7-1500 Advisory


This advisory describes a resource exhaustion vulnerability in the Siemens SIMATIC S7-1500 CPU family. The vulnerability is self-reported. Siemens has provided generic workarounds to mitigate the vulnerability.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to conduct denial-of-service attacks.

SCALANCE S-600 Advisory


This advisory describes three vulnerabilities in the Siemens SCALANCE S-600 Firewall. One of the vulnerabilities was reported by Melih Berk Ekşioğlu. Siemens has provided generic workarounds to mitigate the vulnerabilities.

The three reported vulnerabilities are:

• Cross-site scripting - CVE-2019-6585; and
• Uncontrolled resource consumption (2) - CVE-2019-13925 and CVE-2019-13926

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerabilities to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful cross-site scripting attack.

OZW Web Server Advisory


This advisory describes an information disclosure vulnerability in the Siemens OZW web server. The vulnerability was reported by Maxim Rupp. Siemens has a new version that mitigates the vulnerability. There is no indication that Maxim has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow unauthenticated users to access project files.

SIPORT Advisory


This advisory describes an insufficient logging vulnerability in the Siemens SIPORT MP. The vulnerability is self-reported. Siemens has a new version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to create special accounts with administrative privileges.

SCALANCE Advisory


This advisory describes a protection mechanism failure vulnerability in the Siemens SCALANCE X switches. The vulnerability is self-reported. Siemens has updates that mitigate the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to perform administrative actions.

SIMATIC PCS 7 Advisory


This advisory describes an incorrect calculation of buffer size vulnerability in the Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC products. The vulnerability was reported by Nicholas Miles from Tenable. Siemens has new versions that mitigate the vulnerability. There is no indication that Miles has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with network access could remotely exploit the vulnerability to cause a denial-of-service condition.

SIMATIC S7 Advisory


This advisory describes a resource exhaustion vulnerability in the Siemens SIMATIC S7 devices. The vulnerability was reported by China Industrial Control Systems Cyber Emergency Response Team. Siemens has a new version that mitigates the vulnerability. There is no indication that the researchers were provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to perform a denial-of-service attack by sending a specially crafted HTTP request to the web server of an affected device.

PROFINET Advisory


This advisory describes a resource exhaustion vulnerability in the Siemens PROFINET-IO Stack. The vulnerability was reported by Yuval Ardon and Matan Dobrushin of OTORIO. Siemens has updates that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to cause a denial-of-service condition.

NOTE: OTORIO reports that this same vulnerability is found in multiple vendor products including the Moxa EDS Ethernet Switches.

SIMATIC CP Advisory


This advisory describes two vulnerabilities in the Siemens SIMATIC CP 1543-1. The vulnerabilities are self-reported. Siemens has a new version that mitigates the vulnerabilities.

The two reported vulnerabilities are:

• Improper access control - CVE-2019-12815; and
• Loop with unreachable exit condition - CVE-2019-18217

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to achieve remote code execution and information disclosure without authentication, or unauthenticated denial of service.

Industrial Products Advisory


This advisory describes two vulnerabilities in the Siemens SCALANCE, SIMATIC, and SIPLUS products. The vulnerabilities were reported by Artem Zinenko of Kaspersky Lab. Siemens has new versions that mitigate the vulnerabilities. There is no indication that Zinenko has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Data processing errors - CVE-2015-5621; and
• Null pointer dereference - CVE-2018-18065

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to conduct a denial-of-service attack by sending specially crafted packets to Port 161/UDP (SNMP).

SIMOCODE Update


This update provides additional information on an advisory that was originally published on March 9th, 2019 and most recently updated on January 14th, 2020. The new information includes the addition of two affected products:

• SITOP PSU8600; and
• TIM 1531 IRC

Industrial Products w/OPC UA Update


This update provides additional information on an advisory that was originally published on April 9th, 2019 and most recently updated on January 14th, 2020. The new information includes updated affected version data and mitigation links for SIMATIC NET PC Software.

PROFINET Update


This update provides additional information on an advisory that was originally published on October 10th, 2019 and most recently updated on January 14th, 2020. The new information includes updated affected version data and mitigation links for SINAMICS DCP.

Industrial Real Time Devices Update


This update provides additional information on an advisory that was originally published on October 10th, 2019 and most recently updated on January 14th, 2020. The new information includes updated affected version data and mitigation links for SINAMICS DCP.

SIMATIC Update


This update provides additional information on an advisory that was originally published on December 10th, 2019. The new information includes updated affected version data and mitigation links for:

• TIM 1531 IRC; and
• SIMATIC NET PC Software

Other Siemens Advisories and Updates


Siemens also published two additional advisories and 3 updates yesterday that have not yet been addressed by NCCIC-ICS.

Additionally, on Monday Siemens published updates of 58 previously published advisories. All of these updates were adding references to the SIPLUS device variants as affected products. Siemens has been adding references to this as they have been updating advisories for the last couple of months, so it looks like they are just doing the final house cleaning on the issue. I do not expect NCCIC-ICS to update all of their applicable advisories.
