Thursday, October 12, 2017

ICS-CERT Publishes 5 Advisories and 1 Update

Today the DHS published five control system security updates for products from ProMinent, WECON, Envitech, NXP Semiconductor, and Siemens. They also updated a previously published control system security advisory for products from Marel Food Processing Systems.

Siemens Advisory


This advisory describes two vulnerabilities in the Siemens BACnet Field Panels. The vulnerabilities are self-reported. Siemens has developed a new firmware version that mitigates the vulnerabilities.

The two reported vulnerabilities are:

• Authentication bypass using an alternate path or channel - CVE-2017-9946; and
• Path traversal - CVE-2017-9947

ICS-CERT reports that a relatively low skilled, unauthenticated attacker with access to the integrated webserver could remotely exploit the vulnerabilities to download sensitive information. The Siemens security advisory notes that the first vulnerability requires network access to exploit.

NXP Advisory


This advisory describes two vulnerabilities in the NXP MQX real time operating system (RTOS). The vulnerabilities were reported by Scott Gayou. ICS-CERT reports that NXP intends to issue a new version in January to mitigate the vulnerabilities. NXP provides a workaround for the first vulnerability in the latest version (the second does not exist in that version) and recommends that users upgrade to that newer version pending the January update.

The two reported vulnerabilities are:

• Classic buffer overflow – CVE-2017-12718; and
• Out-of-bounds read – CVE-2017-12722

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerabilities to cause a buffer overflow condition that may, in turn, cause remote code execution or out-of-bounds read conditions, resulting in a denial of service.

Envitech Advisory


This advisory describes an improper authentication vulnerability in the Envitech EnviDAS Ultimate web application. The vulnerability was reported by Can Demirel and Deniz Çevik of Biznet Bilisim. Envitech has a new version that mitigates the vulnerability. ICS-CERT reports that the researchers have verified the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerability to view and edit settings without authenticating and execute code remotely.

WECON Advisory


This advisory describes a stack-based buffer overflow vulnerability in the WECON LeviStudio HMI Editor. The vulnerability was reported by Andrea “rgod” Micalizzi, working with iDefense Labs. WECON has developed a new version that mitigates the vulnerability. There is no indication that Micalizzi was provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerability to effect a denial of service and arbitrary code execution.

ProMinent Advisory


This advisory describes multiple vulnerabilities in the ProMinent MultiFLEX M10a Controller. The vulnerabilities were reported by Maxim Rupp. ICS-CERT reports that ProMinent has not mitigated the vulnerabilities.

The reported vulnerabilities are:

• Client-side enforcement of server-side security - CVE-2017-14013;
• Insufficient session expiration - CVE-2017-14007;
• Cross-site request forgery - CVE-2017-14011;
• Information exposure - CVE-2017-14009; and
• Unverified password change - CVE-2017-14005

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerabilities to bypass protection mechanisms, assume the identity of authenticated users, and change the device configuration.

Marel Update


This update provides additional information on an advisory originally published on April 4th, 2017 and updated on August 17th. This update provides information on the firewall update for the Pluto platform that Marel has released.


The advisory still states that “Marel has created an update for Pluto-based applications, which was scheduled for release in October, 2017. This update will restrict remote access by implementing SSH authentication”.
