Today CISA’s NCCIC-ICS published two control system security advisories for products from Horner Automation and Luxion. They also updated an advisory for products from WAGO.
Horner Advisory
This advisory describes an out-of-bounds read vulnerability in the Horner Cscape control system application programming software. The vulnerability was reported by Francis Provencher via the Zero Day Initiative. Horner has a new version that mitigates the vulnerability. There is no indication that Provencher has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit this vulnerability to allow code execution in the context of the current process.
Luxion Advisory
This advisory describes five vulnerabilities in the Luxion KeyShot 3D rendering and animation software. The vulnerabilities were reported by rgod via ZDI. Luxion has an update that mitigates the vulnerabilities. There is no indication that rgod has been provided an opportunity to verify the efficacy of the fix.
The five reported vulnerabilities are:
• Out-of-bounds write - CVE-2021-22647,
• Out-of-bounds read - CVE-2021-22643,
• Insufficient UI warning of dangerous
operation - CVE-2021-22645,
• Untrusted pointer dereference - CVE-2021-22649,
and
• Path traversal - CVE-2021-22651
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit these vulnerabilities to allow arbitrary code execution, the storing of arbitrary scripts into automatic startup folders, and the attacking of products without sufficient UI warning.
WAGO Update
This update provides additional information for an advisory that was originally published on January 21st, 2011. The new information includes:
• Adding Weidmüller as an affected
vendor,
• Re-writes vulnerability
description to expand affect beyond just RTIS products, and
• Added links to Emerson and Weidmüller advisories.
NOTE 1: I reported on the Weidmüller advisory on January 23rd.
NOTE 2: The Rockwell advisory about which I
reported on January 30th is still missing from the list of affected
vendors.
Posts
No comments:
Post a Comment