Saturday, June 27, 2020

Public ICS Disclosures – Week of 06-20-20


This week we have six Ripple20 [Corrected link, 10-18-20, 0856 EDT] advisories from vendors, one of them an update. There were also four vendor updates from Schneider, Rockwell (2) and Yokogawa. There was a researcher report for products from OSIsoft. There were also four exploits published for products from ABUS, SICK, mySCADA and Inductive Automation.

Ripple20 Advisories and Updates


HMS published a Ripple20 advisory that identifies affected products and generic mitigations.

Eaton published a Ripple20 advisory that identifies affected products and generic mitigations.

Boston Scientific published a Ripple20 advisory that admits that some (unidentified) products have the vulnerabilities but “concluded there is no increased security risk for patients who have our implantable products because of the Treck vulnerabilities”.

Schneider published a Ripple20 advisory that identifies affected products and generic mitigations.

Schneider published a Ripple20 advisory specifically for their network management card products.

Schneider updated their Ripple20 advisory that was originally published on June 16th, 2020. The update refers to the first new advisory described above.

Schneider Update


Schneider published an update of their legacy Triconex advisory that was originally published on April 14th, 2020. The new information includes adding CVE numbers and descriptions and updated affected version and mitigation data.

NOTE: The revised advisory includes an interesting discussion about why Schneider decided that this update was necessary.

Rockwell Updates


Rockwell published an update for their FactoryTalk Linx Path Traversal advisory that was originally published on June 18th, 2020. The new information includes a revised list of affected products.

Rockwell published an update for their FactoryTalk Linx multiple vulnerability advisory that was originally published on June 11th, 2020. The new information includes a revised list of affected products.

NOTE: The updated information is the same in both updates. See my note on the path traversal advisory in last week’s blog post.

Yokogawa Update


Yokogawa published an update for their unquoted service path advisory that was originally published on September 27th, 2019 and most recently updated November 1st, 2019. The new information includes adding three new products to the affected product list and providing mitigation links for those products.

OSIsoft Report


Otorio published a report on a cross-site scripting vulnerability in the OSIsoft PI Web API 2019. The vulnerability was disclosed by OSIsoft on June 11th, 2020. The report includes a poor-quality video demonstrating an exploit of the vulnerability.

ABUS Exploit


Matthias Deeg published an exploit for a missing encryption of sensitive data vulnerability in the ABUS Secvest Wireless Control Device (FUBE50001). This was reportedly coordinated with ABUS.

SICK Exploit


Aliasrobotics published an exploit for a default credentials vulnerability in the SICK safety PLC. There is no indication that this was reported to SICK, so this is probably a 0-day exploit.

mySCADA Exploit


Emre ÖVÜNÇ published an exploit for a hard-coded credentials vulnerability in the mySCADA myPro HMI. There is no indication that this was reported to mySCADA, so this is probably a 0-day exploit.

Inductive Automation Exploit


Pedro Ribeiro and Radek Domanski published a Metasploit module for a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product. The vulnerability was disclosed by the vendor on June 2nd, 2020 and the NCCIC-ICS advisory was subsequently updated on June 11th, 2020.
