Tuesday, November 10, 2020

5 Advisories and 2 Updates Published – 11-20-20

Today the CISA NCCIC-ICS published five control system security advisories for products from Siemens (2), Schneider, and OSIsoft. They also published updates for two advisories for products from Siemens.

SCALANCE Advisory

This advisory describes an improper input validation vulnerability in the Siemens SCALANCE W 1750D. The vulnerability is self-reported. The Siemens advisory notes that this is a third-party (Aruba Instant) vulnerability that was originally reported by Aruba in 2016 as three separate CVEs (CVE-2016-2031, CVE-2016-0801, and CVE-2016-0802); there are publicly available exploits for the first two CVEs. Siemens reports that they consolidated the vulnerabilities into a single CVE. Siemens has a new firmware version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to achieve remote code execution.

NOTE: Looking at the Aruba advisory and associated exploit reports it looks to me like there is more at risk here.

SIMATIC Advisory

This advisory describes an uncontrolled resource consumption vulnerability in the Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller. The vulnerability was reported by WangFangLi from Beijing Winicssec Technology. Siemens is providing generic workarounds while working on appropriate updates.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to cause a denial-of-service condition.

Schneider Advisory

This advisory describes an improper check for unusual or exceptional conditions vulnerability in the Schneider PLC Simulator for EcoStruxure Control Expert. The vulnerability was reported by Parity Dynamics Research Team. The Schneider advisory describes three additional vulnerabilities and two additional reporting research teams. Schneider has a new version that mitigates all four vulnerabilities. There is no indication that any of the researchers have been provided an opportunity to verify the efficacy of the fix.

The four vulnerabilities reported by Schneider are:

• Classic buffer overflow - CVE-2020-7559,

• Improper check for unusual or exceptional conditions - CVE-2020-7538,

• Incorrect authorization - CVE-2020-28211, and

• Download of code without integrity check - CVE-2020-28213

NCCIC-ICS reports (for their single vulnerability) that a relatively low-skilled attacker could remotely exploit the vulnerability to cause a denial-of-service condition, which could result in a failure of the EcoStruxure Control Expert Simulator.

PI Vision Advisory

This advisory describes two vulnerabilities in the OSIsoft PI Vision 2020. The vulnerabilities are self-reported. OSIsoft has a new version that mitigates the vulnerabilities.

The two reported vulnerabilities are:

• Cross-site scripting - CVE-2020-25163, and

• Incorrect authorization - CVE-2020-25167

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow a remote attacker with write access to the PI ProcessBook files to inject code that is imported into PI Vision, or disclose information to a user with insufficient privileges.

PI Interface Advisory

This advisory describes a numeric errors vulnerability in the OSIsoft PI Interface. The vulnerability is self-reported. OSIsoft has a new version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow an attacker-controlled OPC XML-DA Server to respond with a crafted XML message and exploit the PI Interface for OPC XML-DA, resulting in code execution.

UMC Stack Update

This update provides additional information on an advisory that was originally published on July 14th, 2020 and most recently updated on September 8th, 2020. The new information includes updated affected version information and mitigation measures for SIMOCODE ES.

SIMATIC Update

This update provides additional information on an advisory that was originally published on September 8th, 2020 and most recently updated on October 13th, 2020. The new information includes a corrected CVSS Score for CVE-2020-15791.

Other Advisories and Updates

Siemens published two additional updates today. Schneider published six additional advisories and five updates today. I will cover these this weekend.
