This week we have eight vendor disclosures for products from Schneider (7) and Thales Group. We also have nine updates for advisories for products from Schneider (5), Siemens (2), Carestream and Rockwell.
Schneider Advisories
Schneider published an advisory describing three vulnerabilities in the web servers of their Modicon M340, Modicon Quantum and Modicon Premium Legacy products. The vulnerabilities were reported (here and here) by Kai Wang of Fortinet's FortiGuard Labs. Schneider is working on mitigation measures for those affected products that are not end-of-life.
The three reported vulnerabilities are:
• Out-of-bounds read - CVE-2020-7562,
• Out-of-bounds write - CVE-2020-7563, and
• Classic buffer overflow - CVE-2020-7564
Schneider published an advisory describing an improper privilege management vulnerability in their EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD). The vulnerability was reported by Lasse Trolle Borup of Danish Cyber Defence. Schneider has a service pack that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
Schneider published an advisory describing nine vulnerabilities in their Interactive Graphical SCADA System (IGSS) product. The vulnerabilities were reported by kimiya via the Zero Day Initiative. Schneider has a new version that mitigates the vulnerabilities. There is no indication that kimiya has been provided an opportunity to verify the efficacy of the fix.
The nine reported vulnerabilities are:
• Improper restriction of operations within the bounds of a memory buffer (4) - CVE-2020-7550, CVE-2020-7551, CVE-2020-7552, and CVE-2020-7554,
• Out-of-bounds write (4) - CVE-2020-7553, CVE-2020-7555, CVE-2020-7556, and CVE-2020-7558, and
• Out-of-bounds read - CVE-2020-7557
Schneider published an advisory describing seven vulnerabilities in their EcoStruxure Building Operation (EBO) product offerings. The vulnerabilities were reported by Luis Vázquez, Francisco Palma, and Diego León of Zerolynx, and Alessandro Bosco, Luca Di Giuseppe, Alessandro Sabetta, and Massimiliano Brolli of TIM Security Red Team Research. Schneider has a version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The seven reported vulnerabilities are:
• Unrestricted upload of file with dangerous type - CVE-2020-7569,
• Cross-site scripting stored - CVE-2020-7570,
• Cross-site scripting reflected - CVE-2020-7571,
• Improper restriction of XML external entity reference - CVE-2020-7572,
• Improper access control - CVE-2020-7573,
• Windows unquoted search path - CVE-2020-28209, and
• Cross-site scripting - CVE-2020-28210
Schneider published an advisory describing four vulnerabilities in their Modicon M221 product. The vulnerabilities were reported by Yehuda Anikster and Rei Henigman of Claroty, and Seok Min Lim and Bryon Kaan of Trustwave (here). Schneider provides generic workarounds to mitigate the vulnerabilities.
The four reported vulnerabilities are:
• Inadequate encryption strength - CVE-2020-7565,
• Small space of random values - CVE-2020-7566,
• Missing encryption of sensitive data - CVE-2020-7567, and
• Exposure of sensitive data to an unauthorized actor - CVE-2020-7568
NOTE: The Trustwave report contains proof-of-concept code.
Schneider published an advisory describing an improper access control vulnerability in their Easergy T300 remote terminal unit. The vulnerability was reported by Evgeniy Druzhinin and Ilya Karpov of Rostelecom-Solar. Schneider has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
Schneider published an advisory discussing the Drovorub malware and its impact on their Q Data Radio and J Data Radio devices. Schneider is providing generic workarounds pending further work on mitigating the vulnerabilities.
Thales Advisory
Thales Group published an advisory for their Sentinel RMS License Manager. The advisory is only available to registered customers. We should expect to see various vendors incorporating the fix for this in their affected products.
Schneider Updates
Schneider published an update for their Ripple20 advisory. The new information includes adding mitigation measures for:
• eIFE Ethernet Interface for MasterPact MTZ drawout circuit breakers,
• IFE Ethernet Interface for ComPact, PowerPact, and MasterPact circuit breakers, and
• IFE Gateway
Schneider published an update for their EcoStruxure advisory that was originally published on May 12th, 2020 and most recently updated on June 9th, 2020. The new information includes adding mitigation measures for CVE-2020-7495 & CVE-2020-7497.
Schneider published an update for their Modicon M218/M241/M251/M258 Logic Controllers advisory that was originally published on April 14th, 2020. The new information includes adding mitigation measures for M258.
Schneider published an update for their Modicon Controllers advisory that was originally published on March 20th, 2020. The new information includes adding mitigation information for CVE-2020-7475.
Schneider published an update for their Modicon M580 controller advisory that was originally published on October 8th, 2019. The new information includes adding mitigation information for CVE-2019-6848 and CVE-2019-6849.
Siemens Updates
Siemens published an update for their CodeMeter advisory. The new information includes adding SICAM 230 to the list of affected versions including mitigation measures.
Siemens published an update for their GNU/Linux advisory that was originally published in 2018 and most recently updated on October 13th, 2020. The new information includes adding:
• CVE-2020-10769,
• CVE-2020-14314,
• CVE-2020-25211, and
• CVE-2020-25641
Carestream Update
Carestream published an update [.PDF download link] for their Bad Neighbor advisory. The new information includes lists of affected and unaffected products.
Rockwell Update
Rockwell published an update for their Urgent/11 advisory. The new information includes mitigation measures for ControlLogix 5580 and CompactLogix products.