Today the CISA NCCIC-ICS published 13 control system
security advisories for products from Synergy Systems and Solutions, Digi
International and Siemens (11). They also updated five control system security
advisories for products from Siemens.
Synergy Systems Advisory
This advisory
describes two vulnerabilities in the SSS HUSKY RTU. The vulnerabilities were
reported by VAPT Team, C3i Center. SSS has a new version that mitigates the
vulnerabilities. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Improper authentication - CVE-2019-20046; and
• Improper input validation - CVE-2019-20045
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to read sensitive information,
execute arbitrary code, or cause a denial-of-service condition.
Digi Advisory
This advisory
describes two vulnerabilities in the Digi ConnectPort LTS 32 MEI. The vulnerabilities
were reported by Murat Aydemir and Fatih Kayran of Biznet Bilisim. Digi has a
new release that mitigates the vulnerabilities. There is no indication that the
researchers have been provided with an opportunity to verify the efficacy of
the fix.
The two reported vulnerabilities are:
• Unrestricted upload of file with dangerous type - CVE-2020-6975; and
• Cross-site scripting - CVE-2020-6973
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to limit system availability.
SIPROTEC Advisory
This advisory
describes an improper input validation vulnerability in the Siemens SIPROTEC 4
and SIPROTEC Compact. The vulnerability was reported by Tal Keren from Claroty.
Siemens has provided generic workarounds to mitigate the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to conduct a denial-of-service attack over
the network.
SIMATIC S7-1500 Advisory
This advisory
describes a resource exhaustion vulnerability in the Siemens SIMATIC S7-1500
CPU family. The vulnerability is self-reported. Siemens has provided generic
workarounds to mitigate the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to conduct denial-of-service attacks.
SCALANCE S-600 Advisory
This advisory
describes three vulnerabilities in the Siemens SCALANCE S-600 Firewall. One of
the vulnerabilities was reported by Melih Berk Ekşioğlu. Siemens has provided generic
workarounds to mitigate the vulnerability.
The three reported vulnerabilities are:
• Cross-site scripting - CVE-2019-6585; and
• Uncontrolled resource consumption (2) - CVE-2019-13925 and CVE-2019-13926
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit the vulnerability to conduct denial-of-service or cross-site
scripting attacks. User interaction is required for a successful exploitation
of the cross-site-scripting attack.
OZW Web Server Advisory
This advisory
describes an information disclosure vulnerability in the Siemens OZW web
server. The vulnerability was reported by Maxim Rupp. Siemens has a new version
that mitigates the vulnerability. There is no indication that Maxim has been
provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to allow unauthenticated users to
access project files.
SIPORT Advisory
This advisory
describes an insufficient logging vulnerability in the Siemens SIPORT MP. The vulnerability
is self-reported. Siemens has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to create special accounts with
administrative privileges.
SCALANCE Advisory
This advisory
describes a protection mechanism failure vulnerability in the Siemens SCALANCE
X switches. The vulnerability is self-reported. Siemens has updates that
mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to perform administrative actions.
SIMATIC PCS 7 Advisory
This advisory
describes an incorrect calculation of buffer size vulnerability in the Siemens SIMATIC
PCS 7, SIMATIC WinCC, SIMATIC NET PC products. The vulnerability was reported
by Nicholas Miles from Tenable. Siemens has new versions that mitigate the
vulnerability. There is no indication that Miles has been provided an
opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to allow an attacker with network
access to cause a denial-of-service condition.
SIMATIC S7 Advisory
This advisory
describes a resource exhaustion vulnerability in the Siemens SIMATIC S7
devices. The vulnerability was reported by China Industrial Control Systems
Cyber Emergency Response Team. Siemens has a new version that mitigates the
vulnerability. There is no indication that the researchers were provided an opportunity
to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to perform a denial-of-service
attack by sending a specially crafted HTTP request to the web server of an
affected device.
PROFINET Advisory
This advisory
describes a resource exhaustion vulnerability in the Siemens PROFINET-IO Stack.
The vulnerability was reported
by Yuval Ardon and Matan Dobrushin of OTORIO. Siemens has updates that
mitigate the vulnerability. There is no indication that the researchers have
been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to cause a denial-of-service
condition.
NOTE: OTORIO reports that this same vulnerability is found
in multiple vendor products including the Moxa
EDS Ethernet Switches.
SIMATIC CP Advisory
This advisory
describes two vulnerabilities in the Siemens SIMATIC CP 1543-1. The vulnerabilities
are self-reported. Siemens has a new version that mitigates the vulnerabilities.
The two reported vulnerabilities are:
• Improper access control - CVE-2019-12815; and
• Loop with unreachable exit condition - CVE-2019-18217
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to allow for remote code execution
and information disclosure without authentication, or unauthenticated denial of
service.
Industrial Products Advisory
This advisory
describes two vulnerabilities in the Siemens SCALANCE, SIMATIC, SIPLUS products.
The vulnerabilities were reported by Artem Zinenko of Kaspersky Lab. Siemens
has new versions that mitigate the vulnerabilities. There is no indication that
Zinenko has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Data processing errors - CVE-2015-5621; and
• Null pointer dereference - CVE-2018-18065
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to conduct a denial-of-service
attack by sending specially crafted packets to port 161/UDP (SNMP).
SIMOCODE Update
This update
provides additional information on an advisory that was originally published on
March 9th, 2019 and most
recently updated on January 14th, 2020. The new information includes
the addition of two affected products:
• SITOP PSU8600; and
• TIM 1531 IRC
Industrial Products w/OPC UA Update
This update provides
additional information on an advisory that was originally published on April
9th, 2019 and most
recently updated on January 14th, 2020. The new information includes
updated affected version data and mitigation links for SIMATIC NET PC Software.
PROFINET Update
This update
provides additional information on an advisory that was originally
published on October 10th, 2019 and most
recently updated on January 14th, 2020. The new information includes
updated affected version data and mitigation links for SINAMICS DCP.
Industrial Real Time Devices Update
This update
provides additional information on an advisory that was originally
published on October 10th, 2019 and most
recently updated on January 14th, 2020. The new information includes
updated affected version data and mitigation links for SINAMICS DCP.
SIMATIC Update
This update
provides additional information on an advisory that was originally
published on December 10th, 2019. The new information includes updated affected
version data and mitigation links for:
• TIM 1531 IRC; and
• SIMATIC NET PC Software
Other Siemens Advisories and Updates
Siemens also published two additional advisories and three
updates yesterday that have not yet been addressed by NCCIC-ICS.