Public ICS Disclosures – Week of 3-13-21

This week we have 19 vendor disclosures from GE Grid (17), Moxa, and Philips. We have one update from BD. We have three researcher reports for products from Soyal. Finally, we have two exploits for products from QNAP and VMware.

GE Grid Advisories

GE Grid published advisories for the below listed products. The advisories are only available to GE registered customers. It is possible that these are all related to the vulnerabilities reported by NCCIC-ICS in the GE UR product earlier this week.

C30 Controller,

C60 Breaker Management Relay,

C70 Capacitor Bank Protection and Control System,

B30 Bus Differential Relay,

B90 Bus Differential System,

F35 Multiple Feeder Management Relay,

F60 Feeder Management Relay,

G30 Generator Management Relay,

G60 Generator Management Relay,

L30 Line Current Differential Relay,

L60 Line Phase Comparison Relay,

L90 Line Current Differential Relay,

M60 Motor Management Relay,

D30 Line Distance Relay,

D60 Line Distance Relay,

N60 Network Stability and Synchrophasor Measurement System,

T35 Transformer Management Relay, and

T60 Transformer Management Relay ,

Moxa Advisory

Moxa published an advisory describing three vulnerabilities in their VPort 06EC-2V Series IP Cameras. The vulnerabilities were reported by Qian Chen of Qihoo 360 Nirvan Team. Moxa has patches available to mitigate the vulnerabilities. There is no indication that Qian has been provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Null pointer dereference,

• Integer underflow, and

• Out-of-bounds read.

Philips Advisory

Philips published an advisory discussing the F5 Network vulnerabilities. Philips has identified the following products as being affected by the vulnerabilities:

• Clinical Collaboration Platform,

• IS PACS,

• Universal Data Manager, and

• VueByond

BD Update

BD published an update for their BD Alaris advisory that was originally published on February 6^th, 2017 and most recently updated on October 19^th, 2017. The new information includes:

• Updating the affected product list to include an out-of-service product,

• Adding Palo Alto Networks as the original reporter of the vulnerability,

• Adding a description of the replacement of an internal flash drive vulnerability, and

• Adding a notice that a product update is pending FDA review.

NOTE: NCCIC-ICS has not yet updated their advisory (ICSMA-17-017-02) for this updated information.

Soyal Reports

Zero Science published three reports for vulnerabilities in the SOYAL Biometric Access Control System. The vulnerability disclosures were coordinated with ZOYAL, but status of the mitigation measures is not currently available. Exploits have been published for each of the three reported vulnerabilities by LiquidWorm

The three reported vulnerabilities are:

• CSRF change admin password – (exploit),

• Weak default credentials – (exploit), and

• Master code disclosure – (exploit)

QNAP Exploit

Luiz Martinez published an exploit for an unquoted service path vulnerability in the QNAP QVR Client. There is no CVE number provided nor is there any mention of coordination with QNAP, so this may be a 0-day exploit.

VMWare Exploit

Grant Willcox and Mikhail Klyuchnikov published a Metasploit module for an unauthenticated log file upload vulnerability in the VMwareView Planner product. This vulnerability was previously reported by VMware.