Today CISA’s NCCIC-ICS published five control system security advisories for products from Mitsubishi, Siemens, Mesa Labs, Johnson Controls, and GENIVI Alliance. They also published updates for advisories for products from Mitsubishi (3) and Siemens (2).
Mitsubishi Advisory
This advisory describes an uncontrolled resource consumption vulnerability in the Mitisubishi MELSEC iQ-R series CPU. The vulnerability was reported by Younes Dragoni of Nozomi Networks. Mitisubishi provides generic workarounds to mitigate the vulenrablity.
NCCIC-ICS reports that a relatively low-skilled attacker can remotely exploit the vulnerability to prevent legitimate clients from connecting to an affected product.
Siemens Advisory
This advisory describes five vulnerabilities in the Siemens JT2Go and Teamcenter Visualization. The vulnerabilities were reported by Michael DePlante, Francis Provencher, and rgod via the Zero Day Initiative and Carsten Eiram from Risk Based Security.
The five reported vulnerabilities are:
• Out-of-bounds read (3) - CVE-2020-26998,
CVE-2020-26999, and CVE-2020-27002,
• Stack-based buffer overflow - CVE-2020-27001,
• Untrusted pointer dereference - CVE-2020-26991
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to lead to arbitrary code execution or information leakage.
NOTE: I briefly discussed these vulnerabilities and the two JT2GTo updates below last Saturday.
Mesa Labs Advisory
This advisory describes five vulnerabilities in the Mesa Labs AmegaView continuous monitoring hardware and software platform. The vulnerability was reported by Stephen Yackey of Securifera. There will be no update to mitigate the vulnerabilities because the product is approaching end-of-service (end of the year).
The five reported vulnerabilities are:
• Command injection - CVE-2021-27447
and CVE-2021-27449,
• Improper authentication - CVE-2021-27451,
• Authentication bypass using an
alternate path or channel - CVE-2021-27453, and
• Improper privilege management - CVE-2021-27445
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow remote code execution or allow access to the device.
Johnson Controls Advisory
This advisory describes an off-by-one error vulnerability in the Sensormatic Electronics VideoEdge products. This is a third-party (SUDO) vulnerability with multiple published exploits (see here, here, and here for instance). The vulnerability was self-reported.
NCCIC-ICS reported that a relatively low-skilled attacker with local authenticated access could exploit this vulnerability to gain administrative access.
NOTE: This is virtually the same advisory that was published earlier this month for the Sensormatic Tyco AI. Each respective Johnson Control advisory calls the subsidiary ‘American Dynamics’ not Sensormatic.
GENIVI Advisory
This advisory describes a heap-based buffer overflow vulnerability in the GENIVI DLT-Daemon. The vulnerability was reported by Jan Schrewe of Informatik. GENIVI has a new version that mitigates the vulnerability. There is no indication that Schrewe has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to lead to remote code execution or crash the application.
Factory Automation Update #1
This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on January 14th, 2021. The new information includes providing updated affected version information and mitigation measures for:
• EZSocket, and
• PX Developer
Factory Automation Update #2
This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on January 14th, 2021. The new information includes providing updated affected version information and mitigation measures for MELSEC iQ-R Series Motion Module.
FA Engineering Update
This update provides additional information on an advisory that was originally published on February 18th, 2021. The new information includes:
• Adding the following to the list of affected products:
◦ iQ Monozukuri ANDON (Data Transfer), and
◦ iQ Monozukuri Process Remote Monitoring (Data Transfer, and
• Providing updated affected version information and mitigation measures for:
◦ CPU Module Logging Configuration Tool,
◦ CW Configurator,
◦ Data Transfer,
◦ FR Configurator2,
◦ GT Designer3 Version1(GOT1000),
◦ GT Designer3 Version1(GOT2000),
◦ GT SoftGOT1000 Version3,
◦ GT SoftGOT2000 Version1,
◦ GX LogViewer,
◦ PX Developer, and
◦ RT ToolBox3
JT2Go Update #1
This update provides additional information on an advisory that was originally published on January 12th, 2021 and most recently updated on February 9th, 2021. The new information includes:
• Moving CVE-2020-26989,
CVE-2020-26990, and CVE-2020-28383 to advisory SSA-663999,
and
• Moving CVE-2020-26991 to SSA-695540
JT2Go Update #2
This update provides additional information on an advisory that was originally published on February 9th, 2021. The new information includes:
• Removing vulnerabilities
CVE-2020-26991, CVE-2020-26998, CVE-2020-26999, CVE-2020-27001, and CVE-2020-27002,
and
• Adding d CVE-2020-28383 and CVE2021-31784.
No comments:
Post a Comment