Today the CISA NCCIC-ICS published five control system
security advisories for products from KUKA, Fuji Electric, HMS Networks, GE
Digital and Advantech. They also updated an advisory for products from Synergy.
KUKA Advisory
This advisory
describes an improper enforcement of message integrity in a communications
channel vulnerability in the KUKA Sim Pro. The vulnerability was reported by Federico
Maggi of Trend Micro. KUKA has an upgrade that mitigates the vulnerability.
There is no indication that Maggi has been provided an opportunity to verify
the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability, resulting in a loss of integrity in
external 3D models fetched from remote servers. When tested on real machines,
the effect of such tampering is unpredictable.
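The integrity-enforcement pattern behind that finding, shown here as an added example that is not KUKA's code and that assumes nothing about how KUKA Sim Pro actually loads models: a client that fetches a model from a remote server and parses whatever arrives, beside one that refuses to parse unless the bytes match a digest pinned in advance. The in-memory "server", the OBJ-style sample model, the pinned SHA-256 value and every function name are constructed for this illustration.

```python
"""
Added example (not KUKA's code): loading an external 3D model with and
without integrity enforcement. The 'server' dict and the OBJ-style model
are constructed stand-ins; nothing here reflects KUKA Sim Pro internals.
"""
import hashlib
import hmac

# Constructed sample: a tiny OBJ-style model and a tampered copy that a
# compromised server or on-path attacker might substitute for it.
ORIGINAL_MODEL = b"v 0 0 0\nv 1 0 0\nv 0 1 0\nf 1 2 3\n"
TAMPERED_MODEL = b"v 0 0 0\nv 100 0 0\nv 0 100 0\nf 1 2 3\n"

# Digest the client pinned when the model was first approved
# (hypothetical manifest entry, computed here for the sample).
PINNED_SHA256 = hashlib.sha256(ORIGINAL_MODEL).hexdigest()


def parse_obj(data: bytes) -> dict:
    """Parse the vertex ('v') and face ('f') subset of OBJ used by the sample."""
    vertices, faces = [], []
    for line in data.decode("ascii").splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "v":
            vertices.append(tuple(float(x) for x in parts[1:4]))
        elif parts[0] == "f":
            faces.append(tuple(int(x) for x in parts[1:]))
    return {"vertices": vertices, "faces": faces}


def fetch_model(server: dict, name: str) -> bytes:
    """Stand-in for an HTTP fetch from the remote model server."""
    return server[name]


def load_model_unverified(server: dict, name: str) -> dict:
    """Vulnerable pattern (CWE-924): trust and parse whatever the channel delivers."""
    return parse_obj(fetch_model(server, name))


def load_model_verified(server: dict, name: str, pinned_sha256: str) -> dict:
    """Hardened pattern: parse only if the bytes match the pinned digest."""
    data = fetch_model(server, name)
    actual = hashlib.sha256(data).hexdigest()
    # compare_digest keeps the comparison constant-time
    if not hmac.compare_digest(actual, pinned_sha256):
        raise ValueError(f"integrity check failed for {name}: got {actual}")
    return parse_obj(data)


def bounding_extent(model: dict) -> float:
    """Largest coordinate magnitude; makes the tampering visible in results."""
    return max(abs(c) for v in model["vertices"] for c in v)


def demo() -> dict:
    """Run both loaders against an honest and a tampered server."""
    honest = {"arm.obj": ORIGINAL_MODEL}
    tampered = {"arm.obj": TAMPERED_MODEL}
    out = {
        "unverified_honest_extent": bounding_extent(load_model_unverified(honest, "arm.obj")),
        "unverified_tampered_extent": bounding_extent(load_model_unverified(tampered, "arm.obj")),
        "verified_honest_extent": bounding_extent(load_model_verified(honest, "arm.obj", PINNED_SHA256)),
    }
    try:
        load_model_verified(tampered, "arm.obj", PINNED_SHA256)
        out["verified_tampered_rejected"] = False
    except ValueError:
        out["verified_tampered_rejected"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unverified loader parses the tampered file without complaint; the geometry is simply wrong, which is why the downstream effect on a real machine cannot be predicted from the advisory alone. A pinned digest suits a model that was approved once and never changes; where the server legitimately updates models, the same check is made against a signature over the file (or over a manifest of digests) from a key the client already trusts, and the fetch itself should run over TLS with certificate validation so the file cannot be swapped in flight.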
Fuji Advisory
This advisory
describes a heap-based buffer overflow vulnerability in the Fuji V-Server Lite.
The vulnerability was reported by kimiya via the Zero Day Initiative. Fuji has
a new version that mitigates the vulnerability. There is no indication that
kimiya has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to gain elevated privileges and
achieve remote code execution.
HMS Advisory
This advisory
describes a cross-site scripting vulnerability in the HMS eWON Flexy and Cosy.
The vulnerability was reported by Ander MartÃnez of Titanium Industrial
Security. HMS has a firmware update that mitigates the vulnerability. There is
no indication that Martinez has been provided an opportunity to verify the
efficacy of the fix.
NCCIC-ICS reports that an uncharacterized attacker could
remotely exploit this vulnerability to initiate a password change.
NOTE: I briefly
discussed this vulnerability back in February.
GE Advisory
This advisory
describes an improper privilege management vulnerability in the GE Digital
CIMPLICITY HMI/SCADA product. The vulnerability was reported by Sharon Brizinov
of Claroty. GE has a new version that mitigates the vulnerability. There is no
indication that Brizinov has been provided an opportunity to verify the
efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to allow an
adversary to modify the systemwide CIMPLICITY configuration, leading to the
arbitrary execution of code.
NOTE: I briefly
discussed this vulnerability last weekend.
Advantech Advisory
This advisory
describes eight vulnerabilities in the Advantech WebAccess/NMS network
management system. The vulnerabilities were reported by rgod of 9sg via ZDI.
Advantech has a new version that mitigates the vulnerabilities. There is no
indication that rgod was provided an opportunity to verify the efficacy of the
fix.
The eight reported vulnerabilities are:
• Unrestricted upload of file with
dangerous type - CVE-2020-10621;
• SQL injection (2) - CVE-2020-10617
and CVE-2020-10623;
• Relative path traversal (2) - CVE-2020-10619
and CVE-2020-10631;
• Missing authentication for
critical function - CVE-2020-10625;
• Improper restriction of XML external
entity reference - CVE-2020-10629; and
• OS command injection - CVE-2020-10603.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to allow an attacker to gain
remote code execution, upload files, delete files, cause a denial-of-service
condition, and create an admin account for the application.
Synergy Update
This update
provides new information on an advisory that was originally
published on February 11th, 2020. The new information includes:
• Four new vulnerabilities:
◦ Missing authentication for critical function - CVE-2019-16879;
◦ Improper check for unusual or exceptional conditions - CVE-2020-7800;
◦ Exposure of sensitive information to an unauthorized actor - CVE-2020-7801; and
◦ Incorrect default permissions - CVE-2020-7802.