Today the NCCIC-ICS published a control system security advisory for products from Treck. They also updated an earlier advisory for products from Mitsubishi.
Treck Advisory
This advisory describes 19 vulnerabilities in the Treck TCP/IP stack. The vulnerabilities were reported (Ripple20) by Shlomi Oberman and Moshe Kol from JSOF. Treck has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The 19 reported vulnerabilities are:
• Improper handling of length parameter inconsistency (4) - CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11907
• Improper input validation (9) - CVE-2020-11899, CVE-2020-11901, CVE-2020-11902, CVE-2020-11906, CVE-2020-11909, CVE-2020-11910, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
• Double free - CVE-2020-11900
• Out-of-bounds read (2) - CVE-2020-11903, CVE-2020-11905
• Integer overflow or wraparound - CVE-2020-11904
• Improper null termination - CVE-2020-11908
• Improper access control - CVE-2020-11911
NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerabilities to allow remote code execution or exposure of sensitive information. NOTE: There is publicly available (registration required) exploit code for two of the vulnerabilities: CVE-2020-11896 (RCE) and CVE-2020-11898 (info leak).
NOTE: The Treck TCP/IP stack is used by a number of vendors. NCCIC reports that the following vendors have prepared advisories for their affected products (no real mitigations available yet):
• B.Braun
• Rockwell
Mitsubishi Update
This update provides additional information on an advisory that was originally published on June 9th, 2020. The new information includes revised mitigation instructions.