Today CISA’s NCCIC-ICS published two control system security advisories for products from Reolink and Simon Kelley, and one medical device security advisory for products from Philips.
Reolink Advisory
This advisory describes two vulnerabilities in the Reolink P2P protocol. The vulnerabilities were reported by Nozomi Networks. Reolink has a firmware upgrade that mitigates some of the risk.
The two reported vulnerabilities are:
• Use of hard-coded cryptographic key - CVE-2020-25173, and
• Cleartext transmission of sensitive information - CVE-2020-25169
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to permit unauthorized access to sensitive information.
Dnsmasq Advisory
This advisory describes seven vulnerabilities in Dnsmasq, which is maintained by Simon Kelley. The vulnerabilities were reported by JSOF Tech (named DNSpooq by JSOF). Kelley has a new version that mitigates the vulnerabilities. The JSOF report confirms that the new version adequately mitigates the vulnerabilities.
The seven reported vulnerabilities are:
• Heap-based buffer overflow (4) - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, and CVE-2020-25687,
• Insufficient verification of data authenticity (2) - CVE-2020-25684 and CVE-2020-25686, and
• Use of a broken or risky cryptographic algorithm - CVE-2020-25685.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to cause cache poisoning, remote code execution, and a denial-of-service condition.
NOTE: The JSOF report makes it clear that there will almost certainly be a number of ICS vendors affected by this set of DNS vulnerabilities. At least one vendor has already reported this vulnerability in some of their products; more will be coming.
Philips Advisory
This advisory describes an OS command injection vulnerability in the Philips Haswell workstations. The vulnerability was self-reported. Philips has a patch that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit this vulnerability to remotely shut down or restart the workstation.