Tuesday, June 16, 2020

1 Advisory and 1 Update Published – 6-16-20

Today the NCCIC-ICS published a control system security advisory for products from Treck. They also updated an earlier advisory for products from Mitsubishi.

Treck Advisory

This advisory describes 19 vulnerabilities in the Treck TCP/IP stack. The vulnerabilities were reported (Ripple20) by Shlomi Oberman and Moshe Kol from JSOF. Treck has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The 19 reported vulnerabilities are:

• Improper handling of length parameter inconsistency (4) - CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11907
• Improper input validation (9) - CVE-2020-11899, CVE-2020-11901, CVE-2020-11902, CVE-2020-11906, CVE-2020-11909, CVE-2020-11910, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
• Double free - CVE-2020-11900
• Out-of-bounds read (2) - CVE-2020-11903, CVE-2020-11905
• Integer overflow or wraparound - CVE-2020-11904
• Improper null termination - CVE-2020-11908
• Improper access control - CVE-2020-11911

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerabilities to allow remote code execution or exposure of sensitive information. NOTE: Exploit code is publicly available (registration required) for two of the vulnerabilities: CVE-2020-11896 (RCE) and CVE-2020-11898 (info leak).

NOTE: The Treck TCP/IP stack is used by a number of vendors. NCCIC reports that the following vendors have prepared advisories for their affected products (no real mitigations available yet):


Mitsubishi Update

This update provides additional information on an advisory that was originally published on June 9th, 2020. The new information includes revised mitigation instructions.
