We have one new vendor disclosure this week for products from HMS. We also have three vendor updates for products from Rockwell and Schneider (2). We also have news of a possible cyberattack on Softing, a control system vendor.
HMS Advisory
HMS published an advisory discussing the BLURtooth vulnerability. HMS reports that none of their products are affected by this vulnerability.
NOTE: The BLURtooth vulnerability is a currently unpatched vulnerability in some implementations of the Bluetooth standard that allows attacker-in-the-middle exploits. I expect that we will be seeing more vendor communications about this vulnerability in the coming weeks, especially from medical device manufacturers where the use of Bluetooth is more common.
Rockwell Update
Rockwell published an update for their advisory on OSIsoft PI System vulnerabilities that was originally published on May 12th, 2020. The update adds new version information for vulnerability mitigation.
Schneider Updates
Schneider published an update for their Ripple20 advisory. The new information includes:
• Adding remediation for “EGX150/Link150 Ethernet Gateway”, “Acti9 PowerTag Link / HD”, “Acti9 Smartlink SI D”, and “Acti9 Smartlink SI B”, and
• Adding PowerLogic EGX100 to affected products list.
Schneider published an update for their APC by Schneider Electric Network Management Cards advisory that was originally published on June 23rd, 2020 and most recently updated on September 1st, 2020. The new information includes an updated overview section, available remediations and affected products tables (some affected products were moved from the above advisory to this one).
Vendor News
When I checked the Softing advisory web page today an interesting popup appeared. It said:
“IMPORTANT NOTE:
“Softing AG fell victim to targeted cyber attacks through no fault of its own. Unknown perpetrators have invaded the internal networks. In order to avoid possible damage to the IT infrastructure, we have severely restricted the external communication options.
“For urgent inquiries we are still available to our customers under the following contact details:
“Softing Industrial Automation: +49 15119489547”
A brief Google® search reveals no news items about this attack.
As always with an attack on a control system vendor, we have to be concerned about the potential product security problems that could arise from the compromise of the system. Access to product source code could allow for easier vulnerability detection by the attacker or even possible modification of that source code to insert vulnerabilities. Access to vendor web site code could allow for the establishment of drive-by code. None of the above is a given, but it does provide an area for potential concern, particularly if the company is not completely forthcoming about the extent of the attack. Hopefully we are just early in the news cycle on this attack and more information will become publicly available in the coming days.