Today CISA’s NCCIC-ICS published seven control system security advisories for products from Siemens, Eaton, Delta Electronics (2), Delta Industrial, Rockwell Automation, and Hitachi ABB Power Grids. They also published three control system security updates for products from Siemens, Mitsubishi and Hitachi ABB.
Siemens Advisory
This advisory describes an improper privilege management vulnerability in the Siemens-sold Mendix products. This is a third-party (Mendix) vulnerability. Siemens has new versions for some of their affected products.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow a non-administrative user to gain administrative privileges.
NOTE: I reported on this out-of-zone advisory by Siemens last Thursday.
Eaton Advisory
This advisory describes six vulnerabilities in the Eaton Intelligent Power Manager (IPM). The vulnerabilities were reported by Amir Preminger from Claroty. Eaton has a new version that mitigates the vulnerabilities. There is no indication that Preminger has been provided an opportunity to verify the efficacy of the fix.
The six vulnerabilities reported are:
• SQL injection - CVE-2021-23276,
• Eval injection - CVE-2021-23277,
• Improper input validation (2) - CVE-2021-23278 and CVE-2021-23279,
• Unrestricted upload of file with dangerous type - CVE-2021-23280, and
• Code injection - CVE-2021-23281
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow attackers to change certain settings, upload code, delete files, or execute commands.
CNCSoft-B Advisory
This advisory describes two vulnerabilities in the Delta Electronics CNCSoft-B. The vulnerabilities were reported by Natnael Samson via the Zero Day Initiative. Delta has an updated version that mitigates the vulnerabilities. There is no indication that Samson has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Out-of-bounds read - CVE-2021-22660, and
• Out-of-bounds write - CVE-2021-22664
NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerabilities, leading to arbitrary code execution.
CNCSoft Advisory
This advisory describes an out-of-bounds read vulnerability in the Delta Electronics CNCSoft ScreenEditor. The vulnerability was reported by Natnael Samson via ZDI. Delta has an updated version that mitigates the vulnerability. There is no indication that Samson has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to allow arbitrary code execution.
Delta Industrial Advisory
This advisory describes a stack-based buffer overflow vulnerability in the Delta Industrial Automation COMMGR communication management software, and accompanying PLC simulators. The vulnerability was reported by Peter Cheng from CyberSpace Non-Attack Research Institute of Elex CyberSecurity. Delta has a new version that mitigates the vulnerability. There is no indication that Cheng has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow for remote code execution or cause the application to crash, resulting in a denial-of-service condition in the application server.
Rockwell Advisory
This advisory describes eight vulnerabilities in the Rockwell Stratix Switches. These are third-party vulnerabilities (Cisco). Rockwell has new versions that mitigate the vulnerabilities.
The eight reported vulnerabilities are:
• Insufficiently protected credentials - CVE-2021-1392,
• Insufficient verification of data authenticity - CVE-2021-1403,
• Use of out-of-range pointer offset - CVE-2021-1352,
• Insertion of sensitive information into log file - CVE-2021-1442,
• OS command injection - CVE-2021-1452,
• Command injection - CVE-2021-1443, and
• Improper input validation (2) - CVE-2021-1220 and CVE-2021-1356
NOTE 1: Links above are to the Cisco advisories.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to result in denial-of-service conditions, unauthorized privilege escalation, web socket hijacking, relative path traversal, or command injection.
NOTE 2: I briefly reported on these vulnerabilities back in March.
Hitachi ABB Advisory
This advisory describes a cross-site scripting vulnerability in the Hitachi ABB Ellipse APM. The vulnerability is self-reported. Hitachi ABB has new versions that mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser.
Siemens Update
This update provides additional information on an advisory that was originally published on March 10th, 2020. The new information includes:
• Adding a partial solution for SiNVR/SiVMS Video Server, and
• Removing information for Control Center Server (CCS), which is now addressed in SSA-761844
NOTE: I briefly reported on the Siemens update on Sunday.
Mitsubishi Update
This update provides additional information on an advisory that was originally published on June 9th, 2020 and most recently updated on November 5th, 2020. The new information includes clarifying in the vulnerability overview that the resource exhaustion is effected at the Ethernet port by sending a specially crafted packet.
Hitachi ABB Update
This update provides additional information on an advisory that was originally published on April 6th, 2021. The new information includes updating affected versions and providing mitigation measures for Relion 670 series version 2.0. Hitachi ABB updated their advisory.