This week we have two new vendor disclosures for products
from SICK and BD. There were also three Ripple20 [Corrected link, 10-18-20, 0857] updates published for
products from HMS, Braun and Schneider. We also have a vendor update from
Yokogawa. There is also one researcher report with exploits for vulnerabilities
for products from Red Lion.
SICK Advisory
SICK published an
advisory describing an improper handling of exceptional conditions
vulnerability in their SOPAS Engineering Tool. The vulnerability was reported by
Ruben Santamarta of IOActive. SICK has released new firmware versions that
mitigate the vulnerability. There is no indication that Santamarta has been
provided an opportunity to verify the efficacy of the fix.
BD Advisory
BD published an
advisory describing three third-party (VMware)
vulnerabilities in selected BD products. BD is currently testing the VMware
update.
The three reported vulnerabilities are:
• Local privilege escalation - CVE-2020-3957,
• Denial of service - CVE-2020-3958, and
• Memory leak - CVE-2020-3959
Ripple20 Updates
HMS published an update of their Ripple20 advisory that was originally
published on June 23, 2020. The new information includes adding the
following products to the not affected list:
• Anybus M-Bus to Modbus TCP gateway,
• Anybus WLAN Access Points (AWB4xxx), and
• Ewon Netbiter 100, 200 and 300-series
Braun published an
update of their Ripple20 advisory that was originally
published on June 30th, 2020. The updated information includes
more details on the Ripple20 effect on the Outlook 400ES infusion pump.
Schneider published an update of their Ripple20 advisory that was originally
published on June 23, 2020 and most recently updated on August 6th, 2020. The
new information includes:
• Adding mitigation measures for Cooling Products using NMC2, and
• Adding partial remediations for TM3BC bus coupler module – EIP, TM3BC bus
coupler module – SL, and TM3BC bus coupler module – CANOpen
Yokogawa Update
Yokogawa published an
update for their CAMS for HIS advisory that was originally
published on July 31st, 2020. The new information includes updated
affected product data.
Red Lion Report
SEC Consult published a
report on multiple vulnerabilities in the Red Lion N-Tron products that were
reported last week by CISA NCCIC-ICS. The SEC Consult report includes
proof-of-concept exploit code and a list of outdated third-party components.