Today we look at three vendor disclosures from Siemens (2) and Schneider. There are also six vendor updates from Siemens (5) and Schneider.
Siemens Advisories
This advisory describes four vulnerabilities in the DNS modules of their Nucleus products. These are the NAME:WRECK DNS vulnerabilities. Siemens has updates that mitigate the vulnerabilities in some of the affected products.
The four reported vulnerabilities are:
• Improper null termination - CVE-2020-27736,
• Out-of-bounds read - CVE-2020-27737,
• Access of memory location after end of buffer - CVE-2020-27738, and
• Use of insufficiently random variables - CVE-2021-25677
This advisory describes a use of hard-coded cryptographic key vulnerability in their Smartclient installer. Siemens has provided workarounds to mitigate the vulnerability.
Schneider Advisory
This advisory discusses two Windows® vulnerabilities in their NTZ Mekhanotronika Rus. LLC control panels. Schneider provides links to two Microsoft updates that mitigate the vulnerabilities.
The two reported vulnerabilities are:
• Windows NTLM tampering vulnerability - CVE-2019-1040, and
• Win32k elevation of privilege vulnerability - CVE-2019-0803
Siemens Updates
This update provides additional details on their GNU/Linux subsystem advisory that was originally published in 2018 and most recently updated on March 9th, 2021. The new information includes adding:
• CVE-2017-12424,
• CVE-2017-20002,
• CVE-2020-14871 (exploit),
• CVE-2021-3428,
• CVE-2021-3450,
• CVE-2021-27219, and
• CVE-2021-28153
NOTE: NCCIC-ICS does not cover this advisory.
This update provides additional details on their CodeMeter advisory that was originally published in 2018 and most recently updated on March 9th, 2021. The new information includes updating the solution for:
• PSS CAPE, and
• SIMIT
NOTE: NCCIC-ICS does not update their CodeMeter advisory for changes in vendor advisories since the NCCIC-ICS advisory links to the latest version of the vendor advisory.
This update provides additional details on their DNSpooq advisory that was originally published on January 19th, 2021 and most recently updated on March 9th, 2021. The new information includes adding solutions for:
• SCALANCE M-800/S615, and
• RUGGEDCOM RM1224
NOTE: NCCIC-ICS does not update their DNSpooq advisory for changes in vendor advisories since the NCCIC-ICS advisory links to the latest version of the vendor advisory.
This update provides additional details on the Solid Edge advisory that was originally published on March 9th, 2021. The new information includes:
• Adding fix information for two of the vulnerabilities, and
• Adding a reference to SSA-574442.
NOTE: NCCIC-ICS should have updated their advisory.
This update provides additional details on their SiNVR/SiVMS Video Server advisory that was originally published on March 10th, 2020. The new information includes:
• Adding a partial solution for SiNVR/SiVMS Video Server, and
• Removing information for Control Center Server (CCS), which is now addressed in SSA-761844
NOTE: NCCIC-ICS should have updated their advisory.
Schneider Update
This update provides additional information on their Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on March 9th, 2021. The new information includes adding remediation for Acti9 PowerTag Link C.