Today the CISA NCCIC-ICS published four control system security advisories for products from ProSoft Technology, Rockwell Automation, Fatek, and PerFact.
ProSoft Advisory
This advisory describes a permissions, privileges, and access controls vulnerability in the ProSoft industrial cellular gateways. The vulnerability was reported by Maxim Rupp. ProSoft has a new firmware version that mitigates the vulnerability. There is no indication that Maxim has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to change the current user’s password and alter device configurations.
Note: Interesting Twitversation about this advisory today.
Rockwell Advisory
This advisory describes an insufficiently protected credentials vulnerability in the Rockwell Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers. The vulnerability was independently reported by Lab. of Information Systems Security Assurance, Kaspersky, and Claroty. Rockwell describes compensating controls to mitigate the vulnerability. There is no indication that the researchers were provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled, remote, unauthenticated attacker could exploit the vulnerability to bypass the verification mechanism and connect with Logix controllers. Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.
Fatek Advisory
This advisory describes five vulnerabilities in the Fatek FvDesigner software tool. The vulnerabilities were reported by Francis Provencher and rgod via the Zero Day Initiative. Fatek is working on mitigation measures.
The five reported vulnerabilities are:
• Use after free - CVE-2021-22662,
• Access of uninitialized pointer - CVE-2021-22670,
• Stack-based buffer overflow - CVE-2021-22666,
• Out-of-bounds write - CVE-2021-22683, and
• Out-of-bounds read - CVE-2021-22638
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to read/modify information, execute arbitrary code, and/or crash the application.
PerFact Advisory
This advisory describes an external control of system or configuration setting vulnerability in the PerFact OpenVPN-Client. The vulnerability was reported by Sharon Brizinov of Claroty. PerFact has a new version that mitigates the vulnerability. There is no indication that Sharon has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow for local privilege escalation or remote code execution through a malicious webpage.