Saturday, April 3, 2021

Public ICS Disclosures – Week of 3-27-21

This week we have four vendor disclosures from Bosch (2), Dell, and VMware. There is an update from CODESYS. We also have three researcher reports for products from Rockwell Automation and Softing (2). Finally, we have an exploit for ScadaBR.

Bosch Advisories

Bosch published an advisory describing a stack-based buffer overflow in their Rexroth ActiveMover product using Ethernet IP. This is a third-party (Hilscher) vulnerability. Bosch has a newer version that mitigates the vulnerability.

 

Bosch published an advisory describing a stack-based buffer overflow in their Rexroth ActiveMover using Profinet. This is a third-party (Hilscher) vulnerability. Bosch provides generic workarounds to mitigate the vulnerability.

Dell Advisory

Dell published an advisory describing a configuration vulnerability in their Wyse ThinOS. The vulnerability was reported by Emanuel Rodrigues. Dell has new versions that mitigate the vulnerability. There is no indication that Rodrigues has been provided an opportunity to verify the efficacy of the fix.

VMware Advisory

VMware has published an advisory describing two vulnerabilities in their vRealize Operations product. The vulnerabilities were reported by Egor Dimitrenko of Positive Technologies. VMware has updates that mitigate the vulnerabilities. There is no indication that Dimitrenko has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Server-side request forgery - CVE-2021-21975, and

• Arbitrary file write - CVE-2021-21983

NOTE: Tenable has published a report on these vulnerabilities.

CODESYS Update

CODESYS published an update [.PDF download link] for their Control V3 password handling advisory that was originally published on August 1st, 2019 and most recently updated on May 14th, 2020. The new information includes:

• Enabling online user management by default,

• Adding an additional JIRA reference, CDS-73742, and

• Extending the available software updates with the V3.5.17.0 update

NOTE: The NCCIC-ICS advisory (ICSA-19-213-04) has not yet been updated.

Rockwell Report

Claroty published a report on the Rockwell FactoryTalk AssetCentre vulnerabilities that were announced earlier this week.

Softing Reports

Gruppo Tim published two reports for vulnerabilities in the Softing AG OPC Toolbox. The reports contain proof of concept code. There is no indication that Softing has been contacted.

The two reported vulnerabilities are:

• Cross-site scripting - CVE-2021-29661, and

• Cross-site request forgery - CVE-2021-29660

ScadaBR Exploit

Fellipe Oliveira published an exploit for an arbitrary file upload vulnerability in ScadaBR. There are no CVEs or indications that the vendor has been contacted. This may be a 0-day exploit.
