Saturday, September 26, 2020

Public ICS Disclosures – Week of 9-19-20

This week we have two vendor disclosures about the CodeMeter vulnerabilities from Bosch and 3S. There are four vendor disclosures for products from Mitsubishi (2), Yokogawa, and Eaton. We also have two researcher reports for vulnerabilities in products from Siemens and Aveva.

CodeMeter Advisories

Bosch published an advisory describing the CodeMeter vulnerabilities in their Rexroth Products. Bosch recommends updating the CodeMeter software. One Bosch update is available to mitigate the vulnerabilities.

3S published an advisory [.PDF download link] describing the CodeMeter vulnerabilities in a number of their products. 3S has new versions of CODESYS V3 that mitigate the vulnerabilities.

NOTE: This advisory would seem to indicate that the universe of vulnerable products is much larger than previously thought. Vendors using CODESYS products would not have known to check for the CodeMeter vulnerability in their systems.

Mitsubishi Advisories

Mitsubishi published an advisory describing a TCP/IP stack session management vulnerability in a number of their products. The vulnerability was reported by Ta-Lun Yen of Trend Micro via the Zero Day Initiative. Mitsubishi has new versions that mitigate the vulnerability in many of the affected products. There is no indication that Ta-Lun has been provided an opportunity to verify the efficacy of the fix.

Mitsubishi published an advisory describing the Ripple20 vulnerabilities in the WiFi interface for a number of their products. Mitsubishi provides generic workarounds for the vulnerabilities.

NOTE: There is no overlap in the product lists for the two advisories, which would indicate that two different TCP/IP stacks are being used.

Yokogawa Advisory

Yokogawa published an advisory describing a classic buffer overflow vulnerability in their FA-M3 Programming Tool. The vulnerability was reported by Parity Dynamics. Yokogawa has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Eaton Advisory

Eaton published an advisory describing an uncontrolled search path element vulnerability in their 9000x programming and configuration software. The vulnerability was reported by Yongjun Liu. Eaton has a new version that mitigates the vulnerability. There is no indication that Yongjun has been provided an opportunity to verify the efficacy of the fix.

Siemens Report

Otorio published a blog post describing two vulnerabilities in the Siemens PCS 7 products. According to the post, Siemens will provide instruction to avoid the vulnerabilities in the “next update of SIMATIC PCS 7 Compendium Part F”.

The two reported vulnerabilities are:

• A WinCC configuration flaw, and

• A PCS 7 configuration flaw.

NOTE: I cannot find a Siemens advisory that addresses similarly described vulnerabilities, but without a CVE number I cannot really be sure that Siemens has not addressed them.

Aveva Report

Talos published a report describing three vulnerabilities in the Aveva Enterprise Data Management Web data management platform. These vulnerabilities were previously disclosed by Aveva. The Talos report includes proof-of-concept code.
