This week we have eight vendor disclosures for products from
Siemens (2), Schneider Electric, Phoenix Contact, HMS, ABB (2) and Moxa. We
also have three advisory updates from Siemens and one from Schneider.
Siemens Advisories
Siemens published an
advisory describing three vulnerabilities found in Intel chips used in
Siemens products. The vulnerabilities were identified and reported (advisory
links below) by Intel. Siemens has provided generic workarounds to mitigate the
vulnerabilities.
The three reported vulnerabilities are:
• Heap-based buffer overflow - CVE-2019-0169
Siemens published an
advisory describing a resource allocation vulnerability in their Profinet-IO
stack. The vulnerability was reported by Yuval Ardon and Matan Dobrushin from
OTORIO. Siemens has updates that mitigate the vulnerability. There is no
indication that the researchers have been provided an opportunity to verify the
efficacy of the fix.
Schneider Advisory
Schneider published an
advisory describing an uncontrolled search path element vulnerability in
their ProSoft Configurator. The vulnerability was reported by Yongjun Liu from nsfocus.
Schneider has a new version that mitigates the vulnerability. There is no
indication that Yongjun has been provided an opportunity to verify the efficacy
of the fix.
Phoenix Contact Advisory
Phoenix Contact has published an
advisory [.PDF download link] describing a remote configuration vulnerability
in their Emalytics Controllers. The vulnerability was reported by Anil Parmar.
Phoenix Contact has a new firmware version that mitigates the vulnerability.
There is no indication that Parmar has been provided an opportunity to verify
the efficacy of the fix.
HMS Advisory
HMS has published an
advisory describing a cross-site scripting vulnerability in their Flexy and
Cosy products. The vulnerability was reported by Ander Martínez from Titanium
Industrial Security. HMS has a new firmware version that mitigates the vulnerability.
There is no indication that Martínez has been provided an opportunity to verify
the efficacy of the fix.
ABB Advisories
ABB published an
advisory describing a direct object reference vulnerability in their Asset
Suite product. The vulnerability is self-reported. ABB has a new version that
mitigates the vulnerability.
ABB published an
advisory describing 14 vulnerabilities in their eSOMS product. The vulnerabilities
are self-reported. ABB has a new version that mitigates the vulnerabilities.
Moxa Advisory
Moxa published an
advisory describing 8 vulnerabilities in their OnCell cellular gateway. The
vulnerabilities were reported by Alexander Zaytsev from Kaspersky Lab. Moxa has
new firmware versions that mitigate the vulnerabilities. There is no indication
that Zaytsev has been provided an opportunity to verify the efficacy of the fix.
Siemens Updates
Siemens published an update to their Linux TCP SACK PANIC advisory for
Industrial Products that was originally published on September 10th, 2019
and most recently updated on November 14th, 2019. The new information
includes revised version data and mitigation links for:
• TIM 1531 IRC;
• SIMATIC CP 1242-7, CP 1243-7 LTE
(EU and US versions), CP 1243-1, CP 1243-8 IRC, CP 1543-1, CP 1542SP-1, CP
1542SP1 IRC, CP 1543SP-1; and
• SCALANCE W1700.
Siemens published an update for their ZombieLoad advisory that was
originally published on July 9th, 2019 and most recently updated on
December 10th, 2019. The new information includes updated version data
and mitigation links for:
• SIMATIC IPC547E;
• SIMATIC IPC347E; and
• SIMATIC IPC3000 SMART V2
Siemens published an update for their GNU/Linux subsystem vulnerabilities
advisory that was originally published on November 27th, 2018 and most
recently updated on January 14th, 2020. The new information includes
adding the following new vulnerabilities:
• CVE-2019-5188;
• CVE-2019-11190;
• CVE-2019-19956;
• CVE-2019-20054;
• CVE-2019-20079;
• CVE-2019-20388; and
• CVE-2020-7595
Schneider Update
Schneider published an
update for their U.motion Builder advisory that was originally
published on April 5th, 2018. The new information includes an
updated remediation section.