Today the CISA NCCIC-ICS published six control system
security advisories for products from Siemens (4), Mitsubishi Electric and
Advantech. They also updated four advisories for products from Philips, Siemens
(2) and OSIsoft.
SINUMERIK Advisory
This advisory
describes 22 vulnerabilities in the Siemens SINUMERIK products. The vulnerabilities
are self-reported. Siemens has updates that mitigate the vulnerabilities.
The 22 reported vulnerabilities are:
• Buffer underflow - CVE-2018-15361,
• Heap-based buffer overflow (5) - CVE-2019-8258, CVE-2019-8262, CVE-2019-8271, CVE-2019-8273, and CVE-2019-8274,
• Improper initialization - CVE-2019-8259,
• Out-of-bounds read (3) - CVE-2019-8260, CVE-2019-8267, and CVE-2019-8270,
• Stack-based buffer overflow (3) - CVE-2019-8263, CVE-2019-8269, and CVE-2019-8276,
• Access of memory location after end of buffer (4) - CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, and CVE-2019-8280,
• Off-by-one error (2) - CVE-2019-8268 and CVE-2019-8272,
• Improper null determination - CVE-2019-8275, and
• Improper initialization - CVE-2019-8277.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow remote code execution,
information disclosure, and denial-of-service attacks under certain conditions.
Note: according to the Siemens advisory these are third-party vulnerabilities (in this case in UltraVNC, a remote access system) that were reported by Kaspersky. A number of other VNC systems were included in that report.
SIMATIC Advisory #1
This advisory
describes two vulnerabilities in the Siemens SIMATIC and SINAMICS products. The
vulnerabilities were reported by Nadav Erez of Claroty. Siemens has new
versions that mitigate the vulnerabilities. There is no indication that Erez
has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Uncontrolled search path - CVE-2020-7585, and
• Heap-based buffer overflow - CVE-2020-7586.
NCCIC-ICS reports that a relatively low-skilled attacker with
uncharacterized access could exploit the vulnerabilities to allow an attacker
to affect the availability of the devices under certain conditions.
NOTE: According to the Siemens advisory
the vulnerabilities were reported by Uri Katz of Claroty.
SIMATIC Advisory #2
This advisory
describes an unquoted search path or element vulnerability in the Siemens SIMATIC,
SINAMICS, SINEC, SINEMA and SINUMERIK products. This vulnerability was reported
by Ander Martinez of Titanium Industrial Security via INCIBE. Siemens has some
updates that mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker with
authorized local access could exploit the vulnerability to execute custom code
with SYSTEM level privileges.
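The mechanism behind an unquoted search path finding is worth seeing concretely: when a Windows service's ImagePath is not quoted and contains spaces, CreateProcess tries each space-delimited prefix as an executable name (C:\Program.exe, then C:\Program Files\Vendor.exe, and so on) before reaching the real binary, so a local user who can write to one of those directories gets code running as the service account, typically SYSTEM. The script below is an added example, not code from the advisory or from Siemens, that reproduces that parsing rule over a constructed service inventory and reports the drop locations an attacker would target. The service names and paths are hypothetical; on a real host you would feed it the output of `Get-CimInstance Win32_Service | Select-Object Name, PathName`.

```python
"""Flag Windows service ImagePath values vulnerable to unquoted search
path hijacking (CWE-428) and list the binaries CreateProcess would try
before the intended executable. Added example; sample data is constructed."""
import re
from typing import Dict, Iterable, List, Tuple

# First token ending in .exe, followed by whitespace or end of string.
EXE_RE = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def executable_portion(image_path: str) -> str:
    """Return the ImagePath up to and including the first token ending in
    .exe; arguments after it are ignored. Without a .exe token the whole
    string is treated as the executable path."""
    m = EXE_RE.search(image_path)
    return image_path[: m.end()] if m else image_path


def hijack_candidates(image_path: str) -> List[str]:
    """Executable names CreateProcess would probe before the real binary.

    A quoted path, or an unquoted path without spaces in its executable
    portion, is parsed unambiguously and yields an empty list."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return []  # quoted: the whole quoted span is the module name
    exe = executable_portion(path)
    # Each space inside the executable path is a place where the parser
    # stops early and appends ".exe" to the prefix it has so far.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit_services(services: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each vulnerable service name to its hijack candidate paths."""
    findings: Dict[str, List[str]] = {}
    for name, image_path in services:
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


# Constructed sample inventory (hypothetical names, not from any advisory).
SAMPLE_SERVICES = [
    ("GoodSvc", r'"C:\Program Files\Vendor\Good Service\svc.exe" -run'),
    ("BadSvc", r"C:\Program Files\Vendor\Bad Service\svc.exe -run"),
    ("NoSpaces", r"C:\Tools\svc.exe"),
    ("Sys", r"C:\Windows\system32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for svc, paths in audit_services(SAMPLE_SERVICES).items():
        print(f"{svc}: unquoted path, attacker could plant one of:")
        for p in paths:
            print(f"    {p}")
```

Only the candidate prefixes in a directory writable by a non-administrator matter in practice (a default C:\Program Files is not), so the follow-up check on a real host is the ACL on each candidate's parent directory; the fix, as the advisory's updates do, is to quote the path in the service configuration.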
LOGO! Advisory
This advisory
describes a missing authentication for critical function vulnerability in the
Siemens LOGO! product. The vulnerability was reported by Alexander Perez-Palma
of Cisco Talos and Emanuel Almeida of Cisco Systems. Siemens has provided
generic mitigation measures for this vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to allow an attacker to read and
modify device configurations and obtain project files from affected devices.
NOTE: The Siemens
advisory says that an attacker would have to have access to port 135/tcp to
exploit this vulnerability.
Mitsubishi Advisory
This advisory
describes a resource exhaustion vulnerability in the Mitsubishi MELSEC iQ-R
series modules. The vulnerability was reported by Yossi Reuven of SCADAfence.
Mitsubishi has provided generic workarounds to mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause the Ethernet port to enter a
denial-of-service condition.
Advantech Advisory
This advisory
describes a stack-based buffer overflow vulnerability in the Advantech WebAccess
Node. The vulnerability was reported by Z0mb1E via the Zero Day Initiative.
Advantech has a patch that mitigates the vulnerability. There is no indication
that Z0mb1E has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to crash the application being
accessed; a buffer overflow condition may allow remote code execution.
Philips Update
This update
provides additional information on an advisory that was originally
published on August 16th, 2018. The new information includes:
• Extending the expected update publication from mid-2019 to 3rd Quarter 2020, and
• Changed mitigation instructions for PageWriter TC50 and TC70.
SIMATIC Update
This update
provides additional information on an advisory that was originally
published on December 10th, 2019 and most
recently updated on March 10th, 2020. The new information includes:
• Revised version and mitigation information for SIMOCODE pro V PN, and
• Clarified update version information for SINAMICS G130/G150/S150 and SINAMICS S120.
Industrial Products Update
This update
provides additional information on an advisory that was originally
published on September 10th, 2019 and most
recently updated April 14th, 2020. The new information includes:
• Added products SIMATIC NET CP 443-1 OPC UA, CP 443-1 RNA, CP 442-1 RNA, CP 443-1, CP 443-1 Advanced and CP 343-1 Advanced,
• Included additional information to CP 1623 and CP 1628 regarding affected CVE, and
• Added new vulnerability: Excessive data query operations in large data table - CVE-2019-8460.
Other Siemens Update
There was one other Siemens update that was
published today. I will cover it this weekend.
OSIsoft Update
This update
provides additional information on an advisory that was
originally published on May 12th, 2020. The new information
includes:
• Four new affected products:
◦ PI Connector for IEC 60870-5-104,
◦ PI Connector for OPC-UA,
◦ PI Connector for Siemens Simatic PCS 7, and
◦ PI Connector for UFL
• Major change to mitigation measures