Today the CISA NCCIC-ICS published two control system
security advisories for products from Schneider Electric and Johnson Controls.
Schneider Advisory
This advisory
describes five vulnerabilities in the Schneider EcoStruxure Operator Terminal Expert.
The vulnerabilities were reported by Sharon Brizinov and Amir Preminger of
Claroty Research (via the Zero Day Initiative), Steven Seeley and Chris
Anastasio of Incite Team (via ZDI), and Fredrik Østrem, Emil Sandstø, and Cim
Stordal of Cognite. Schneider has an update that mitigates the vulnerabilities.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
The five reported vulnerabilities are:
• SQL Injection - CVE-2020-7493,
• Path traversal (3) - CVE-2020-7494,
CVE-2020-7495 and CVE-2020-7497, and
• Argument injection - CVE-2020-7496
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could use publicly available code to exploit the
vulnerabilities to allow unauthorized write access or remote code execution.
NOTE: I briefly discussed
these vulnerabilities last Saturday.
Johnson Controls Advisory
This advisory
describes a cleartext storage of sensitive information vulnerability in Sensormatic
Electronics (subsidiary of Johnson Controls) video management systems. The
vulnerability is self-reported. Johnson Controls has new versions that mitigate
the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to allow an attacker to access
credentials used for access to the application.
Posts
No comments:
Post a Comment