This week we have eight vendor disclosures for products from
WAGO (7) and Beckhoff. We also have a researcher report of exploit code for previously
disclosed vulnerabilities for products from Phoenix Contact.
WAGO Advisories
VDE CERT published an advisory
describing two vulnerabilities in the WAGO e!Cockpit. The vulnerabilities were
reported by Nico Jansen of FH Aachen and Carl Hurd of Cisco Talos. WAGO
provides generic mitigation measures for these vulnerabilities.
The two reported vulnerabilities are:
Cleartext transmission of sensitive information - CVE-2019-5107;
and
Use of broken or risky cryptographic algorithm - CVE-2019-5106
NOTE: The CVE links above are to Talos vulnerability reports
that contain exploit code.
VDE CERT published an advisory
describing two vulnerabilities in the WAGO Web-Based Management Authentication.
The vulnerabilities were reported by Daniel Szameitat and Jan Hoff of innogy SE,
and Daniel Patrick DeSantis and Lilith [-_-] of Cisco Talos. WAGO has a new
firmware version that mitigates the vulnerabilities. There is no indication
that the researchers have been provided an opportunity to verify the efficacy
of the fix.
The two reported vulnerabilities are:
Regular expression without anchor - CVE-2019-5134;
and
Information exposure through timing discrepancy - CVE-2019-5135
NOTE: The CVE links above are to Talos vulnerability reports
that contain exploit code.
VDE CERT published an advisory
describing an insufficient resource pool vulnerability in the WAGO Web-Based
Management (wbm) of WAGO PLCs. The vulnerability was
reported (report contains exploit code) by Daniel Patrick DeSantis of Cisco Talos.
VDE CERT published an advisory describing
four vulnerabilities in the WAGO Cloud Connectivity. The vulnerabilities were
reported by Kelly Leuschner of Cisco Talos. WAGO provides generic mitigation
measures for these vulnerabilities.
The four reported vulnerabilities are:
Improper access control - CVE-2019-5160;
and
Improper neutralization of special elements used in OS
command (3) - CVE-2019-5155, CVE-2019-5157, and CVE-2019-5156
NOTE: The CVE links above are to Talos vulnerability reports
that contain exploit code.
VDE CERT published an advisory
describing two vulnerabilities in the WAGO eCockpit Update Package. The
vulnerabilities were reported by Kelly Leuschner of Cisco Talos. WAGO provides
hashes for the wup files.
The two reported vulnerabilities are:
External control of file name path - CVE-2019-5159;
and
Improper input validation - CVE-2019-5158
NOTE: The CVE links above are to Talos vulnerability reports
that contain exploit code.
VDE CERT published an advisory
describing a reliance on file name or extension of externally-supplied file vulnerability
in the WAGO Cloud Connectivity service. The vulnerability was
reported (report contains exploit code) by Kelly Leuschner of Cisco Talos.
WAGO provides generic mitigations for this vulnerability.
VDE CERT published an advisory describing
20 vulnerabilities in the WAGO I/O-Check Service. The vulnerabilities were
reported by Kelly Leuschner of Cisco Talos. WAGO provides generic mitigation
measures for these vulnerabilities.
The 20 reported vulnerabilities are:
Classic buffer overflow (10) - CVE-2019-5166, CVE-2019-5176,
CVE-2019-5177, CVE-2019-5178, CVE-2019-5179, CVE-2019-5180, CVE-2019-5181, CVE-2019-5182,
CVE-2019-5185, and CVE-2019-5186;
OS command injection (9) - CVE-2019-5167,
CVE-2019-5168, CVE-2019-5169, CVE-2019-5170, CVE-2019-5171, CVE-2019-5172,
CVE-2019-5173, CVE-2019-5174, and CVE-2019-5175;
and
Double free - CVE-2019-5184
NOTE: The CVE links above are to Talos vulnerability reports
that contain exploit code.
Beckhoff Advisory
VDE CERT published an advisory
describing an uncontrolled resource vulnerability in the Beckhoff BK9000
couplers. The vulnerability was reported by Martin Menschner from Rhebo GmbH. According
to VDE CERT, Beckhoff is not changing this behavior.
Phoenix Contact Exploit
SEC Consult published a report containing
exploit code for the command injection vulnerability reported
earlier this month by Phoenix Contact. This was a coordinated disclosure.