Public ICS Disclosures – Week of 2-6-21 – Part 2

Now I will consider the advisories listed in the monthly tranche of disclosures (original and updates) from Siemens and Schneider that were not reported by NCCIC-ICS this week.

Siemens Advisory

Siemens published an advisory that describes a predictable exact value from previous values vulnerability in their Mentor Nucleus ReadyStart and Nucleus NET modules. The vulnerability was reported by Daniel dos Santos from Forescout Technologies. Siemens has an update for some of the affected products that mitigates the vulnerability. There is no indication that dos Santos has been provided an opportunity to verify the efficacy of the fix.

NOTE: This vulnerability is the apparently the same one that NCCIC-ICS reported in section 3.2.9 of ICSA-21-042-01, Multiple Embedded TCP/IP stacks. That is not, however, currently reflected in the NVC-NIST listing, which lists a different CWE than reported by CISA. And the NCCIC-ICS advisory does not list or link to this advisory.

Schneider Advisory

Schneider published an advisory that describes three vulnerabilities in its PowerLogic power metering products. These vulnerabilities are self-reported. Schneider has new versions for some of the affected products that mitigates the vulnerabilities.

The three reported vulnerabilities are:

• Cross-site request forgery - CVE-2021-22701, and

• Clear-text transmission of sensitive information (2) - CVE-2021-22702 and CVE-2021-22703.

Siemens Updates

Siemens published an update to their GNU/Linux subsystem advisory that was originally published in 2018 and most recently updated on December 8^th, 2020. The new information includes adding the following new CVE’s:

• CVE-2020-1971,

• CVE-2020-8694,

• CVE-2020-15437,

• CVE-2020-25704,

• CVE-2020-29361,

• CVE-2020-29362,

• CVE-2020-29363,

• CVE-2020-29369,

• CVE2020-29660,

• CVE-2020-29661,

• CVE-2020-35448,

• CVE-2020-36221,

• CVE-2020-36222,

• CVE-2020-36223,

• CVE-2020-36224,

• CVE-2020-36225,

• CVE-2020-36226,

• CVE-2020-36227,

• CVE-2020-36228,

• CVE-2020-36229,

• CVE-2020-36230, and

• CVE2021-21120

NOTE: The last corrective action listed was the introduction of v 2.8.4 in December of 2020.

 

Siemens published an update to their CodeMeter advisory that was originally published on September 8^th, 2020 and most recently updated on January 12^th, 2020. The new information includes updating mitigation information for SPPA S3000 (with fixes for the open CVEs).

NOTE: NCCIC-ICS does not update their CodeMeter advisory for changes in vendor advisories since the NCCIC-ICS advisory links to the latest version of the vendor advisory.

 

Siemens published an update to their SCALANCE click-jacking advisory that was originally published on February 11^th, 2020. The new information includes adding mitigation measures for the SCALANCE X-200IRT switch family.

Schneider Update

Schneider published an update for their SNMP Service on Modicon M340 advisory that was originally published on December 12^th, 2020. The new information includes:

• Adding BMXNOC0401 as an affected product, and

• Adding mitigation measures for BMXNOR0200H