Saturday, March 6, 2021

ICS Public Disclosures – Week of 2-27-21

This week we have eight public disclosures from Bosch, Carestream, ENDRESS+HAUSER, Dell, Draeger, GE Healthcare, Pulse Secure, and VMware. An update is available for products from Rockwell. There is an end-of-life notice from Honeywell. Finally, there is an exploit for products from VMware.

Bosch Advisory

Bosch published an advisory describing a side-channel key extraction vulnerability in the Bosch cameras and encoders built on the CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3 platforms. This is a third-party vulnerability (NXP). Since the vulnerability is in the chip itself, Bosch is only able to provide generic workarounds. The original NinjaLab report on the NXP vulnerability contains proof-of-concept code.

NOTE: This third-party vulnerability was reported earlier in products from Rockwell; other vendors will probably also be affected.

Carestream Advisory

Carestream published an advisory discussing the Google heap-based buffer overflow vulnerability. Carestream provides a list of affected and unaffected products. Carestream will update Chrome in the next product release for the affected products.

ENDRESS+HAUSER Advisory

CERT-VDE published an advisory discussing the fdtCONTAINER vulnerability in a number of ENDRESS+HAUSER products. ENDRESS+HAUSER provides generic workarounds pending development of appropriate mitigation measures in future versions of the products.

Dell Advisory

Dell published an advisory describing two vulnerabilities in their EMC OpenManage Server Administrator. The vulnerabilities were reported by David Yesland from Rhino Security Labs and Tenable. Dell has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Authentication bypass - CVE-2021-21513, and

• Path traversal - CVE-2021-21514

NOTE: The Tenable report contains proof-of-concept code for the

Draeger Advisory

Draeger published an advisory describing an out-of-bounds write vulnerability in their CC-Vision Basic and CC-Vision E-Cal Software. The vulnerability was reported by Mario Ceballos. Draeger has new versions that mitigate the vulnerability. There is no indication that Ceballos has been provided an opportunity to verify the efficacy of the fix.

GE Healthcare Advisory

GE Healthcare has published an advisory discussing the Microsoft Windows TCP/IP vulnerabilities. GE Healthcare reports that they are actively assessing products to see if they are affected.

Pulse Secure Advisory

Pulse Secure has published an advisory discussing the Trickboot vulnerability in their PSA-Series Hardware. Pulse Secure has a BIOS patch available that mitigates the vulnerability.

VMware Advisory

VMware published an advisory describing a remote code execution vulnerability in their View Planner product. The vulnerability was reported by Mikhail Klyuchnikov of Positive Technologies. VMware has a security patch that mitigates the vulnerability. There is no indication that Klyuchnikov has been provided an opportunity to verify the efficacy of the fix.

Rockwell Update

Rockwell published an update for their Logix Controllers advisory that was originally published on February 25th, 2021. The advisory was re-written for clarity.

NOTE: I suspect the NCCIC-ICS will update their advisory on this vulnerability this coming week.

Honeywell EOL Notice

Honeywell published an end-of-life notice for their Pro-Watch 4.3 and Pro-Watch 4.35 products. The products will no longer be supported after September 30th, 2021.

VMware Exploit

Photubias published an exploit for an unauthenticated file upload vulnerability in VMware vCenter Server 7.0. The vulnerability was previously reported by VMware.
