Today CISA’s NCCIC-ICS published three control system security advisories for products from Advantech (2) and Rockwell Automation.
Spectre RT Advisory
This advisory describes nine vulnerabilities in the Advantech Spectre RT Industrial Routers. The vulnerabilities were reported by Ilya Karpov and Evgeniy Druzhinin of Rostelecom-Solar and Vlad Komarov of ScadaX. Advantech has a newer version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The nine reported vulnerabilities are:
• Improper neutralization of input during web page generation - CVE-2019-18233,
• Cleartext transmission of sensitive information - CVE-2019-18231,
• Improper restriction of excessive authentication attempts - CVE-2019-18235,
• Use of broken or risky cryptographic algorithm (3) - CVE-2018-20679, CVE-2016-6301, and CVE-2015-9261 {3rd party vulnerabilities (BusyBox)}, and
• Use of platform-dependent third-party components (3) - CVE-2016-2842, CVE-2016-0799, CVE-2016-6304 {3rd party vulnerabilities (OpenSSL)}.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow information disclosure, deletion of files, and remote code execution. A number of the NIST CVE reports contain links to publicly available exploits for selected vulnerabilities.
NOTE: I briefly discussed these vulnerabilities back in January.
BB-ESWGP Advisory
This advisory describes a use of hard-coded credentials vulnerability in the Advantech BB-ESWGP506-2SFP-T industrial Ethernet switches. The vulnerability was reported by an anonymous researcher via the Zero Day Initiative. Advantech no longer supports this product.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an attacker to gain unauthorized access to sensitive information and execute arbitrary code.
Rockwell Advisory
This advisory describes a use of password hash with insufficient computational effort vulnerability in the Rockwell FactoryTalk Services Platform. The vulnerability is self-reported. Rockwell has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow a remote, unauthenticated attacker to create new users in the FactoryTalk Services Platform administration console. These new users could allow an attacker to modify or delete configuration and application data in other FactoryTalk software connected to the FactoryTalk Services Platform.
NOTE: I briefly discussed this vulnerability in August of last year.