Today the CISA NCIC-ICS published three control system security
advisories for products from Rockwell Automation (2) and ENTTEC. They also
published a medical device security advisory for products from Philips.
FactoryTalk Advisory
This advisory
describes two vulnerabilities in the Rockwell FactoryTalk View SE. The vulnerabilities
were reported by Ilya Karpov and Evgeny Druzhinin of ScadaX Security. Rockwell
has new versions that mitigate the vulnerability. There is no indication that
the researchers have been provided an opportunity to verify the efficacy of the
fix.
The two reported vulnerabilities are:
• Cleartext transmission of
sensitive information - CVE-2020-14480, and
• Weak encoding for passwords
- CVE-2020-14481
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerabilities to lead to
unauthorized access to server data.
FactoryTalk Services Advisory
This advisory
describes an improper restriction of XML external entity reference
vulnerability in the Rockwell FactoryTalk Services Platform. The vulnerability
was reported by Applied Risk. Rockwell has a patch that mitigates the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to lead to a
denial-of-service condition and to the arbitrary reading of any local file via
system level services.
NOTE: NCCIC-ICS did not publish a link to the Rockwell
advisory.
ENTTEC Advisory
This advisory
describes four vulnerabilities in the ENTTEC Datagate Mk2, Storm 24, Pixelator,
E-Streamer Mk2 lighting control products. The vulnerabilities were reported (report includes
proof-of-concept exploit code) by Mark Cross. ENTTEC has not yet offered
mitigation measures for these vulnerabilities.
The four reported vulnerabilities are:
• Hard-coded cryptographic key - CVE-2019-12776,
• Cross-site scripting - CVE-2019-12774,
• Improper access control - CVE-2019-12775,
and
• Improper permission assignment
for critical resource - CVE-2019-12777
NCCIC-ICS reports that a relatively low-skilled attacker
with remote access could use publicly available code to remotely exploit the vulnerability
to allow an attacker to gain unauthorized SSH/SCP access to devices, inject
malicious code, run commands with root privileges, and read, write, and execute
files in system directories as any user.
Philips Advisory
This advisory
describes an authentication bypass using alternate path or channel
vulnerability in the Philips Ultrasound Systems. The vulnerability is
self-reported. Philips has a new version that mitigates the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker with
uncharacterized access could exploit the vulnerability to allow a
non-authenticated attacker to view or modify information. The Phillips
advisory reports that it would take a relatively high-skilled attacker with
local access to exploit the vulnerability.
Posts
No comments:
Post a Comment