In the second part of this week’s ‘Public ICS Disclosure’ we have two vendor disclosures from Schneider that were missed by NCCIC-ICS. We also have five updates from Schneider (4) and Siemens. There were two end-of-life notices published by Honeywell. There is also a researcher report about products from FreyrSCADA.
Schneider Advisories
Schneider published an advisory describing an improper input validation vulnerability in their EcoStruxure™ Operator Terminal Expert and Pro-face BLUE products. The vulnerability is self-reported. Schneider has a new service pack that mitigates the vulnerability.
Schneider published an advisory describing a heap-based buffer overflow in their Sepam ACE850 communications interface. This is a third-party (Treck) vulnerability. Schneider provides generic workarounds to mitigate the vulnerability.
NOTE: Schneider is reporting just one of the four latest Treck vulnerabilities reported by NCCIC-ICS.
Schneider Updates
Schneider published an update for their general Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on December 8th, 2020. The new information includes adding mitigation measures for PowerLogic PM5000 Series Power Meters.
Schneider published an update for their APC Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on December 18th, 2020. The new information includes updating the mitigation measures for their Uninterruptible Power Supply (UPS) using NMC3.
Schneider published an update for their EcoStruxure™ Operator Terminal Expert advisory that was originally published on November 10th, 2020. The new information includes adding Pro-face BLUE and WinGP to the list of affected products.
Schneider published an update for their Modicon advisory that was originally published on November 10th, 2020 and most recently updated on December 8th, 2020. The new information includes adding M100/M200 to the list of affected products.
NOTE: NCCIC-ICS published their report (ICSA-20-334-04) on these vulnerabilities for the previous Schneider revision, so I suppose they should have updated their advisory, but it is getting kind of confusing here.
Siemens Update
Siemens published an update for their CodeMeter advisory that was originally published on September 8th, 2020 and most recently updated on November 10th, 2020. The new information includes updating mitigation measures for PCS neo and SPPA T3000.
Honeywell End-of-Life Notices
Honeywell published an end-of-life notice [.PDF download link] for PRO3200 Series Access Control Boards.
Honeywell published an end-of-life notice [.PDF download link] for PW6000 Series Access Control Boards.
NOTE: I think that it is commendable that Honeywell takes the time to publish end-of-life notices for their now unsupported equipment. This means that any new vulnerabilities discovered in these products will not be fixed. Owners of this equipment should definitely start considering replacing it with newer products.
FreyrSCADA Report
Talos published a report describing a comparison of incompatible type vulnerability in the FreyrSCADA IEC104 server simulator. It is a coordinated disclosure with FreyrSCADA reportedly providing a patch to mitigate the vulnerability. The Talos report includes proof-of-concept code.