Tuesday, January 12, 2021

6 Advisories Published – 1-12-21

Today the CISA NCCIC-ICS published five control system security advisories for products from Siemens (4) and Schneider Electric. They also published a medical device security advisory for products from SOOIL Developments. NCCIC-ICS also updated seven advisories today. I will report on them separately.

SCALANCE Advisory #1

This advisory describes three vulnerabilities in the Siemens SCALANCE X Products. The vulnerabilities are self-reported. Siemens has updates for several of the affected products.

The three reported vulnerabilities are:

• Missing authentication for critical function - CVE-2020-15799, and

• Heap-based buffer overflow (2) - CVE-2020-15800 and CVE-2020-25226

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to cause denial-of-service conditions and further impact the system through the heap-based buffer overflows.

Solid Edge Advisory

This advisory describes six vulnerabilities in the Siemens Solid Edge product. The vulnerabilities were reported by rgod via the Zero Day Initiative (ZDI). Siemens has an updated version that mitigates the vulnerabilities. There is no indication that rgod has been provided an opportunity to verify the efficacy of the fix.

The six reported vulnerabilities are:

• Out-of-bounds write (4) - CVE-2020-28381, CVE-2020-28382, CVE-2020-28383, and CVE-2020-28386, and

• Stack-based buffer overflow (2) - CVE-2020-28384 and CVE-2020-26989

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit these vulnerabilities to allow arbitrary code execution on an affected system.

JT2Go Advisory

This advisory describes eighteen vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products. The vulnerabilities were reported by rgod via ZDI. Siemens has new versions that mitigate the vulnerabilities. There is no indication that rgod has been provided an opportunity to verify the efficacy of the fix.

The eighteen reported vulnerabilities are:

• Type confusion (2) - CVE-2020-26980 and CVE-2020-26990,

• Improper restriction of XML external entity reference - CVE-2020-26981,

• Out-of-bounds write (7) - CVE-2020-26982, CVE-2020-26983, CVE-2020-26984, CVE-2020-26988, CVE-2020-26995, CVE-2020-26996, and CVE-2020-28383,

• Heap-based buffer overflow (4) - CVE-2020-26985, CVE-2020-26986, CVE-2020-26987, and CVE-2020-26994,

• Stack-based buffer overflow (3) - CVE-2020-26989, CVE-2020-26992, and CVE-2020-26993, and

• Untrusted pointer dereference - CVE-2020-26991

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit these vulnerabilities to achieve arbitrary code execution.

SCALANCE Advisory #2

This advisory describes two use-of-hard-coded-cryptographic-key vulnerabilities in the Siemens SCALANCE X200, X200IRT, and X300 switch families. The vulnerabilities are self-reported. Siemens has updates for some of the affected products that mitigate the vulnerabilities.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to mount a man-in-the-middle attack or to decrypt previously captured traffic. Because the key is the same on every unit, extracting it from any one device (or its firmware) is enough to do either.

Schneider Advisory

This advisory describes two unrestricted-upload-of-file-with-dangerous-type vulnerabilities in the Schneider EcoStruxure Power Build – Rapsody products. The vulnerabilities were reported by rgod via ZDI. Schneider is working on mitigation measures.

NCCIC-ICS reports that a relatively low-skilled attacker with local access could exploit these vulnerabilities by uploading a malicious SSD file, resulting in a use-after-free condition or a stack-based buffer overflow.

SOOIL Advisory

This advisory describes nine vulnerabilities in the SOOIL Dana Diabecare Insulin Pumps. The vulnerabilities were reported by Julian Suleder, Birk Kauer, Raphael Pavlidis, and Nils Emmerich of ERNW Research GmbH. SOOIL has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The nine reported vulnerabilities are:

• Use of hard-coded credentials - CVE-2020-27256,

• Insufficiently protected credentials - CVE-2020-27258,

• Insufficiently random values - CVE-2020-27264,

• Use of client-side authentication - CVE-2020-27266,

• Client-side enforcement of server-side security - CVE-2020-27268,

• Authentication bypass by capture-replay - CVE-2020-27269,

• Unprotected transport of credentials - CVE-2020-27270,

• Key exchange without entity authentication - CVE-2020-27272, and

• Authentication bypass spoofing - CVE-2020-27276
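A worked illustration of the two key-handling weaknesses named on this page: the use of a hard-coded cryptographic key in the SCALANCE advisory #2 above (decrypting previously captured traffic, man-in-the-middle) and the key exchange without entity authentication in the SOOIL list. This is an added example, not code from Siemens, SOOIL or CISA. The HMAC-based stream cipher, the toy-sized Diffie-Hellman group, the key names and the messages are all constructed for the demo and say nothing about how either product actually works; they only show why each weakness class has the consequence the advisories describe.

```python
"""Added illustration (not Siemens, SOOIL or CISA code) of three points:
(a) a key baked into every unit lets whoever extracts it decrypt traffic
    captured from any unit, before or after the extraction;
(b) a fresh, unauthenticated Diffie-Hellman exchange per session stops (a)
    but still allows an active man-in-the-middle;
(c) authenticating the exchange under a per-device pairing key closes (b).
Toy cipher and toy-sized group: constructed for the demo, not real parameters."""
import hashlib
import hmac
import secrets

SHARED_FACTORY_KEY = b"assumed-same-on-every-unit"  # assumption: stands in for a hard-coded key
P = (1 << 127) - 1  # toy-sized Mersenne prime, NOT a safe-prime group; real designs use >=2048-bit MODP or ECDH
G = 5
NONCE_LEN = 12


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, record: bytes) -> bytes:
    return keystream_xor(key, record[:NONCE_LEN], record[NONCE_LEN:])


# (a) every unit encrypts under the same baked-in key
def device_send_static(plaintext: bytes) -> bytes:
    return seal(SHARED_FACTORY_KEY, plaintext)


def attacker_decrypt_capture(record: bytes, key_from_firmware: bytes) -> bytes:
    """A key pulled from one unit's firmware opens captures from every unit."""
    return unseal(key_from_firmware, record)


# (b) fresh Diffie-Hellman secret per session: the session key never leaves RAM
def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_session_key(my_secret: int, peer_public: int) -> bytes:
    return hashlib.sha256(pow(peer_public, my_secret, P).to_bytes(16, "big")).digest()


def ephemeral_session(plaintext: bytes):
    """Returns exactly what a passive observer sees: both public values and the record."""
    a, A = dh_keypair()  # device
    b, B = dh_keypair()  # client
    record = seal(dh_session_key(a, B), plaintext)
    return A, B, record  # a and b are discarded; the factory key alone no longer helps


def mitm_unauthenticated(client_msg: bytes, forged_msg: bytes):
    """Active attacker runs DH with each side separately; neither side can tell."""
    c, C = dh_keypair()  # client
    d, D = dh_keypair()  # device
    m, M = dh_keypair()  # attacker substitutes M for both C and D on the wire
    wire = seal(dh_session_key(c, M), client_msg)  # client believes M is the device
    read_by_attacker = unseal(dh_session_key(m, C), wire)
    relayed = seal(dh_session_key(m, D), forged_msg)  # attacker re-encrypts whatever it likes
    received_by_device = unseal(dh_session_key(d, M), relayed)
    return read_by_attacker, received_by_device


# (c) each side MACs its public value under a pairing key the peer already holds
# (assumption: unique per unit and provisioned out of band, unlike SHARED_FACTORY_KEY)
def authenticated_exchange(pairing_key: bytes, tamper: bool):
    c, C = dh_keypair()
    d, D = dh_keypair()
    tag_d = hmac.new(pairing_key, D.to_bytes(16, "big"), hashlib.sha256).digest()
    if tamper:
        _, D = dh_keypair()  # MITM swaps in its own value but cannot re-tag it
    expected = hmac.new(pairing_key, D.to_bytes(16, "big"), hashlib.sha256).digest()
    if not hmac.compare_digest(tag_d, expected):
        return None  # client aborts: the public value is not the device's
    return dh_session_key(c, D) == dh_session_key(d, C)


if __name__ == "__main__":
    cap = device_send_static(b"show running-config")
    print("static key, old capture decrypted:", attacker_decrypt_capture(cap, SHARED_FACTORY_KEY))
    print("unauthenticated DH, MITM sees/forges:", mitm_unauthenticated(b"set vlan 10", b"set vlan 99"))
    print("authenticated DH, tampered handshake accepted?", authenticated_exchange(b"pairing", True))
```

Note that step (c) is only as strong as the pairing key: if the MAC key were itself the shared factory key from step (a), the attacker who extracted it could re-tag its own public value and the man-in-the-middle would succeed again. That is why the two CWEs on this page compound each other, and why the fix is a per-device secret plus an authenticated exchange, not either alone.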
