Thursday, December 17, 2020

3 Advisories Published – 12-17-20

Today the CISA NCCIC-ICS published three control system security advisories for products from PTC (2) and Emerson.

LinkMaster Advisory

This advisory describes an incorrect default permissions vulnerability in the PTC Kepware LinkMaster application. The vulnerability was reported by Yuri Kramarz of Cisco Talos. PTC has a new version that mitigates the vulnerability. There is no indication that Kramarz has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could exploit this vulnerability; the advisory does not characterize the access required beyond describing the attacker as local. Successful exploitation would allow a local attacker to globally overwrite the service configuration and execute arbitrary code with NT SYSTEM privileges.

NOTE: The Talos report includes proof-of-concept code.
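The LinkMaster vulnerability belongs to a well-known class: a service running as LocalSystem whose executable, install directory, or service registry key is writable by ordinary users. The following PowerShell script is an added triage check for that class and is not code from the CISA advisory, PTC, or the Talos report; it assumes nothing about LinkMaster's service name or install path and instead enumerates every installed service on the host. The set of "low-privilege" principals and the rights treated as dangerous are my assumptions and should be adjusted to local policy.

```powershell
# Added example (not from CISA, PTC, or Talos): list Windows services whose
# executable, its parent directory, or its registry key grants write-type rights
# to low-privilege principals. Run from an elevated PowerShell session.

# Assumption: these principals represent "any local user" for triage purposes.
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)
# Assumption: rights that let a user replace the binary or reconfigure the service.
$fsWritePattern  = 'FullControl|Modify|\bWrite\b|WriteData|AppendData|\bDelete\b|ChangePermissions|TakeOwnership'
$regWritePattern = 'FullControl|SetValue|CreateSubKey|WriteKey|\bDelete\b|ChangePermissions|TakeOwnership'

function Get-WeakAce {
    param([string]$Path, [string]$RightsProperty, [string]$Pattern)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # Generic rights (e.g. GENERIC_WRITE) render as bare integers rather than
        # names; flag them for manual review instead of silently skipping them.
        $rights = $ace.$RightsProperty.ToString()
        if ($rights -match $Pattern -or $rights -match '^-?\d+$') { return $ace }
    }
    return $null
}

function Resolve-ServiceExe {
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: grow the candidate token by token until a file exists, so a
    # path containing spaces is still resolved to the real executable.
    $tokens = $PathName -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

$findings = foreach ($svc in Get-CimInstance Win32_Service) {
    if (-not $svc.PathName) { continue }
    $exe = Resolve-ServiceExe $svc.PathName
    $checks = @(
        @{ Target = $exe;                        Prop = 'FileSystemRights'; Pattern = $fsWritePattern }
        @{ Target = (Split-Path $exe -Parent);   Prop = 'FileSystemRights'; Pattern = $fsWritePattern }
        @{ Target = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"; Prop = 'RegistryRights'; Pattern = $regWritePattern }
    )
    foreach ($c in $checks) {
        if (-not $c.Target -or -not (Test-Path -LiteralPath $c.Target)) { continue }
        try   { $ace = Get-WeakAce -Path $c.Target -RightsProperty $c.Prop -Pattern $c.Pattern }
        catch { continue }   # an unreadable ACL is not a "weak" ACL; inspect separately
        if ($ace) {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName        # 'LocalSystem' is the NT SYSTEM case
                Target    = $c.Target
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.$($c.Prop).ToString()
            }
        }
    }
}

$findings | Sort-Object Service, Target | Format-Table -AutoSize
```

Any row whose RunsAs is LocalSystem and whose Target is writable by Users or Authenticated Users is the same shape of problem the advisory describes and should be remediated with an ACL fix (or the vendor's patch) regardless of whether the product in question has a published CVE.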

KEPServerEX Advisory

This advisory describes three vulnerabilities in the PTC Kepware KEPServerEX connectivity platform. The vulnerabilities were reported by Uri Katz of Claroty. PTC has updates that mitigate the vulnerabilities. There is no indication that Katz has been provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Stack-based buffer overflow - CVE-2020-27265,

• Heap-based buffer overflow - CVE-2020-27263, and

• Use after free - CVE-2020-27267

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to crash the server, cause a denial-of-service condition, leak data, or execute code remotely.

NOTE 1: NCCIC-ICS reports that these vulnerabilities also affect, as third-party (OEM) components, the following products:

• Rockwell Automation KEPServer Enterprise,

• GE Digital Industrial Gateway Server, and

• Software Toolbox TOP Server

NOTE 2: NCCIC-ICS provided a link only to the GE advisory.

Emerson Advisory

This advisory describes an improper authentication vulnerability in the Emerson Rosemount X-STREAM gas analysis software. The vulnerability was reported by Maxim Rupp. Emerson has firmware updates that mitigate the vulnerability. There is no indication that Rupp has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability, using a specially crafted URL, to download files and obtain sensitive information.
