Saturday, October 31, 2020

Public ICS Disclosures – Week of 10-24-20

This week we have three medical device manufacturers (BD, Philips, and Spacelabs) publishing advisories related to the government’s warning about Ryuk ransomware. There are two new vendor advisories for the CodeMeter vulnerabilities for products from ENDRESS+HAUSER and TRUMPF. We also have three additional vendor disclosures for products from WAGO and Moxa (2).

Ryuk Ransomware

BD published an advisory for the Ryuk ransomware. The advisory provides a list of products that have been susceptible to the five common vulnerabilities used to infect systems with the ransomware. Versions are available that mitigate those vulnerabilities.

Philips published an advisory for the Ryuk ransomware. Philips is specifically evaluating the Netlogon vulnerability as part of their look at this problem.

Spacelabs published an advisory for the Ryuk ransomware. The advisory provides a description of the potentially affected products, but no direct impact is reported.

CodeMeter Advisories

CERT-VDE published an advisory for the CodeMeter vulnerabilities in products from ENDRESS+HAUSER. The advisory provides a list of affected products and recommends applying the WIBU Systems updates.

CERT-VDE published an advisory for the CodeMeter vulnerabilities in products from TRUMPF. The advisory provides a list of affected products. TRUMPF is working on updated versions that will mitigate the vulnerabilities.

WAGO Advisory

CERT-VDE published an advisory describing an uncontrolled resource consumption vulnerability in the WAGO 750-88x and 750-352 PLC families. The vulnerability was reported by William Knowles of Applied Risk. WAGO has a new firmware version that mitigates the vulnerability. There is no indication that Knowles has been provided an opportunity to verify the efficacy of the fix.

Moxa Advisories

Moxa published an advisory describing a privilege escalation via Web console vulnerability in their NPort 5100A Series serial device servers. The vulnerability was reported by Nikita Firsov. Moxa has a new firmware version that mitigates the vulnerability. There is no indication that Firsov has been provided an opportunity to verify the efficacy of the fix.

Moxa published an advisory describing an improper restriction of operations vulnerability in their EDR-G903, EDR-G902, and EDR-810 Series Secure Routers. The vulnerability was reported by Xinjie Ma from Chaitin Security Research Lab. Moxa has new firmware versions that mitigate the vulnerability. There is no indication that Xinjie has been provided an opportunity to verify the efficacy of the fix.
