Saturday, September 19, 2020

Public ICS Disclosures – Week of 9-12-20

 This week we have four disclosures for CodeMeter vulnerabilities for products from ABB and Rockwell. There are also three vendor disclosures for products from MB Connect Line, Hi-Silicon, and B&R. There are 21 researcher reports for vulnerabilities in products from Fuji Electric (20) and Sierra Wireless.

CodeMeter Advisories

ABB published an advisory for the CodeMeter vulnerabilities in their Automation Builder product. ABB provides generic workarounds while it continues to investigate the vulnerabilities.

ABB published an update for their CodeMeter advisory for ABB Products. The new information includes providing a link to the advisory described above.

ABB published an update for their CodeMeter advisory for ABB Drives applications. The new information includes changing the recommended version of CodeMeter for Windows application to version 7.10a.

Rockwell published an update for their CodeMeter advisory for FactoryTalk Activation Manager. The new information includes:

• Updated mitigation information, and

• Updated CodeMeter version information

MB Advisory

CERT-VDE published an advisory describing four vulnerabilities in the mymbCONNECT24 and mbCONNECT24 products. The vulnerabilities were reported by Otorio. MB has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Blind SQL injection - CVE-2020-24569 and CVE-2020-24568,

• SSRF/CSRF - CVE-2020-24570, and

• Unauthenticated RCE – no CVE assigned

HI-Silicon Advisory

Incibe-cert published an advisory describing five vulnerabilities in the IPTV / H.264 / H.265 video encoders based on HiSilicon Hi3520d hardware. The vulnerabilities were reported by Alexei Kojenov; the report contains proof-of-concept code. Affected manufacturers include:

• URayTech;

• J-Tech Digital;

• VeCASTER PRO from Pro Video Instruments.

The five reported vulnerabilities include:

• Backdoor password - CVE-2020-24215 and CVE-2020-24218,

• Path transversal - CVE-2020-24219,

• Unauthenticated file uploads - CVE-2020-24217,

• Buffer overflow - CVE-2020-24214, and

• Unauthorized access to video streaming through RTSP - CVE-2020-24216

B&R Advisory

B&R published an advisory for the Ripple20 vulnerabilities in their products. They report that none of their products are affected by these vulnerabilities.

Fuji Electric Reports

Kimiya published 20 reports (ZDI-20-1184 thru ZDI-20-1204) of vulnerabilities in the Fuji Electric Tellus Lite product. The vulnerabilities were reported to ‘ICS-CERT’ (presumably, NCCIC-ICS) by the Zero Day Initiative back in April. These are apparently separate vulnerabilities from the 14 that were reported last week. The reported vulnerabilities include:

• Stack-based buffer overflow,

• Out-of-bounds write, and

• Out-of-bounds read

Sierra Wireless Report

Ruben Santamarta published a blog post describing two vulnerabilities in Sierra Wireless Air Link Products. Sierra Wireless has published an advisory [.PDF download link] for these vulnerabilities. The blog post includes proof-of-concept code.

The two reported vulnerabilities are:

• Privilege escalation - CVE-2020-8781, and

• Remote code execution - CVE-2020-8782

No comments:

/* Use this with templates/template-twocol.html */