Tuesday, April 7, 2020

5 Advisories and 1 Update Published


Today the CISA NCCIC-ICS published five control system security advisories for products from KUKA, Fuji Electric, HMS Networks, GE Digital and Advantech. They also updated an advisory for products from Synergy.

KUKA Advisory


This advisory describes an improper enforcement of message integrity in a communications channel vulnerability in the KUKA Sim Pro. The vulnerability was reported by Federico Maggi of Trend Micro. KUKA has an upgrade that mitigates the vulnerability. There is no indication that Maggi has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability, resulting in a loss of integrity in external 3D models fetched from remote servers. When tested on real machines, the effect is unpredictable.

Fuji Advisory


This advisory describes a heap-based buffer overflow vulnerability in the Fuji V-Server Lite. The vulnerability was reported by kimiya via the Zero Day Initiative. Fuji has a new version that mitigates the vulnerability. There is no indication that kimiya has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to gain elevated privileges and achieve remote code execution.

HMS Advisory


This advisory describes a cross-site scripting vulnerability in the HMS eWON Flexy and Cosy. The vulnerability was reported by Ander Martínez of Titanium Industrial Security. HMS has a firmware update that mitigates the vulnerability. There is no indication that Martínez has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit this vulnerability to initiate a password change.

NOTE: I briefly discussed this vulnerability back in February.

GE Advisory


This advisory describes an improper privilege management vulnerability in the GE Digital CIMPLICITY HMI/SCADA product. The vulnerability was reported by Sharon Brizinov of Claroty. GE has a new version that mitigates the vulnerability. There is no indication that Brizinov has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code.

NOTE: I briefly discussed this vulnerability last weekend.

Advantech Advisory


This advisory describes eight vulnerabilities in the Advantech WebAccess/NMS network management system. The vulnerabilities were reported by rgod of 9sg via ZDI. Advantech has a new version that mitigates the vulnerabilities. There is no indication that rgod was provided an opportunity to verify the efficacy of the fix.

The eight reported vulnerabilities are:

• Unrestricted upload of file with dangerous type - CVE-2020-10621;
• SQL injection (2) - CVE-2020-10617 and CVE-2020-10623;
• Relative path traversal (2) - CVE-2020-10619 and CVE-2020-10631;
• Missing authentication for critical function - CVE-2020-10625;
• Improper restriction of XML external entity reference - CVE-2020-10629; and
• OS command injection - CVE-2020-10603.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

Synergy Update


This update provides new information on an advisory that was originally published on February 11th, 2020. The new information includes:

• Four new vulnerabilities:
    Missing authentication for critical function - CVE-2019-16879;
    Improper check for unusual or exceptional conditions - CVE-2020-7800;
    Exposure of sensitive information to an unauthorized actor - CVE-2020-7801; and
    Incorrect default permissions - CVE-2020-7802.
• Links to three associated advisories from SSS (Synergy Systems and Solutions).
