Saturday, February 22, 2020

Public ICS Disclosure – Week of 2-15-20

This week we have four vendor disclosures for products from Phoenix Contact, Philips, BD and Belden. We also have one researcher report on products from Siemens.

Phoenix Contact Advisory

Phoenix Contact published an advisory [.PDF download link] describing an unauthenticated web server access vulnerability in their Emalytics Controllers ILC 2050 BI. The vulnerability was reported by Anil Parmar. Phoenix Contact has a new version that mitigates the vulnerability. There is no indication that Parmar has been provided an opportunity to verify the efficacy of the fix.

Philips Advisory

Philips published an advisory on the SweynTooth Bluetooth vulnerabilities. Philips is looking to see if any of their products are affected.

NOTE: The 12 disclosed vulnerabilities affect the Bluetooth Low Energy chipsets sold by major SoC vendors, such as Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor.

BD Advisory

BD published an advisory describing Windows® 32K graphics vulnerabilities (CVE-2019-1458 and CVE-2019-1468) in their products using Windows operating systems. BD is currently working to test and validate the Microsoft patch for BD products. Microsoft included fixes for these vulnerabilities in their December 10th, 2019 updates.

Belden Advisory

Belden published an advisory describing a buffer overflow vulnerability in their Hirschmann HiOS and HiSecOS devices. The vulnerability was reported by Sebastian Krause and Toralf Gimpel of GAI NetConsult. Belden has updates available that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Siemens Report

Tenable published a report describing a denial of service vulnerability in the Siemens TIA Portal. Siemens published their advisory on this vulnerability earlier this month. The Tenable report includes proof of concept code.
