Thursday, March 4, 2021

2 Advisories Published – 3-4-21

Today the CISA NCCIC-ICS published two control system security advisories for products from Schneider Electric and Rockwell Automation.

Schneider Advisory

This advisory describes seven vulnerabilities in the Schneider EcoStruxure Building Operation. The vulnerabilities were reported by Luis Vázquez, Francisco Palma, and Diego León of Zerolynx (via INCIBE CERT) and Alessandro Bosco, Luca Di Giuseppe, Alessandro Sabetta, and Massimiliano Brolli of TIM Security Red Team Research. Schneider has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The seven reported vulnerabilities are:

• Unrestricted upload of file with dangerous type - CVE-2020-7569,

• Cross-site scripting (3) - CVE-2020-7570, CVE-2020-7571, and CVE-2020-28210,

• Improper restriction of XML external entity reference - CVE-2020-7572,

• Improper access control - CVE-2020-7573, and

• Unquoted search path or element - CVE-2020-28209

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow unauthorized file uploads and command execution by a remote user, which could result in loss of availability, confidentiality, and integrity of the workstation.

NOTE: I briefly discussed these vulnerabilities back in November of last year.

Rockwell Advisory

This advisory describes two vulnerabilities in the Rockwell 1734-AENTR Series B and Series C communications module. The vulnerabilities were reported by Adam Eliot of the Loon Security Team. Rockwell has new firmware versions that mitigate the vulnerabilities. There is no indication that Eliot has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Improper access control - CVE-2020-14504, and

• Cross-site scripting - CVE-2020-14502

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to cause unauthorized data modification on the affected devices.
