Tuesday, April 20, 2021

7 Advisories and 3 Updates Published – 4-20-21

Today CISA’s NCCIC-ICS published seven control system security advisories for products from Siemens, Eaton, Delta Electronics (2), Delta Industrial, Rockwell Automation, and Hitachi ABB Power Grids. They also published three control system security updates for products from Siemens, Mitsubishi and Hitachi ABB.

Siemens Advisory

This advisory describes an improper privilege management vulnerability in the Siemens-sold Mendix products. This is a third-party (Mendix) vulnerability. Siemens has new versions for some of their affected products.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow a non-administrative user to gain administrative privileges.

NOTE: I reported on this out-of-zone advisory by Siemens last Thursday.

Eaton Advisory

This advisory describes six vulnerabilities in the Eaton Intelligent Power Manager (IPM). The vulnerabilities were reported by Amir Preminger from Claroty. Eaton has a new version that mitigates the vulnerabilities. There is no indication that Preminger has been provided an opportunity to verify the efficacy of the fix.

The six vulnerabilities reported are:

• SQL injection - CVE-2021-23276,

• Eval injection - CVE-2021-23277,

• Improper input validation (2) - CVE-2021-23278 and CVE-2021-23279,

• Unrestricted upload of file with dangerous type - CVE-2021-23280, and

• Code injection - CVE-2021-23281

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow attackers to change certain settings, upload code, delete files, or execute commands.

CNCSoft-B Advisory

This advisory describes two vulnerabilities in the Delta Electronics CNCSoft-B. The vulnerabilities were reported by Natnael Samson via the Zero Day Initiative. Delta has an updated version that mitigates the vulnerabilities. There is no indication that Samson has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Out-of-bounds read - CVE-2021-22660, and

• Out-of-bounds write - CVE-2021-22664

NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerabilities to achieve arbitrary code execution.

CNCSoft Advisory

This advisory describes an out-of-bounds read vulnerability in the Delta Electronics CNCSoft ScreenEditor. The vulnerability was reported by Natnael Samson via ZDI. Delta has an updated version that mitigates the vulnerability. There is no indication that Samson has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to allow arbitrary code execution.

Delta Industrial Advisory

This advisory describes a stack-based buffer overflow vulnerability in the Delta Industrial Automation COMMGR communication management software, and accompanying PLC simulators. The vulnerability was reported by Peter Cheng from CyberSpace Non-Attack Research Institute of Elex CyberSecurity. Delta has a new version that mitigates the vulnerability. There is no indication that Cheng has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow for remote code execution or cause the application to crash, resulting in a denial-of-service condition in the application server.

Rockwell Advisory

This advisory describes eight vulnerabilities in the Rockwell Stratix Switches. These are third-party vulnerabilities (Cisco). Rockwell has new versions that mitigate the vulnerabilities.

The eight reported vulnerabilities are:

• Insufficiently protected credentials - CVE-2021-1392,

• Insufficient verification of data authenticity - CVE-2021-1403,

• Use of out-of-range pointer offset - CVE-2021-1352,

• Insertion of sensitive information into log file - CVE-2021-1442,

• OS command injection - CVE-2021-1452,

• Command injection - CVE-2021-1443, and

• Improper input validation (2) - CVE-2021-1220 and CVE-2021-1356

NOTE 1: Links above are to the Cisco advisories.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to result in denial-of-service conditions, unauthorized privilege escalation, web socket hijacking, relative path traversal, or command injection.

NOTE 2: I briefly reported on these vulnerabilities back in March.

Hitachi ABB Advisory

This advisory describes a cross-site scripting vulnerability in the Hitachi ABB Ellipse APM. The vulnerability is self-reported. Hitachi ABB has new versions that mitigate the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser.

Siemens Update

This update provides additional information on an advisory that was originally published on March 10th, 2020. The new information includes:

• Adding a partial solution for SiNVR/SiVMS Video Server, and

• Removing information for Control Center Server (CCS), which is now addressed in SSA-761844

NOTE: I briefly reported on the Siemens update on Sunday.

Mitsubishi Update

This update provides additional information on an advisory that was originally published on June 9th, 2020 and most recently updated on November 5th, 2020. The new information includes clarifying in the vulnerability overview that the resource exhaustion is effected at the Ethernet port by sending a specially crafted packet.

Hitachi ABB Update

This update provides additional information on an advisory that was originally published on April 6th, 2021. The new information includes updating affected versions and providing mitigation measures for Relion 670 series version 2.0. Hitachi ABB updated their advisory.
