Public ICS Disclosures – Week of 10-10-20 – Part 1

This week we have seven vendor disclosures from Eaton, HMS, Bender,
Sprecher, Bosch, Rockwell, and Carestream. There are also three vendor updates
from ABB and Eaton (2). We also have an exploit that was published for products
from BACnet Interoperability Test Services, Inc.

Eaton Advisory

Eaton published an
advisory
for the CodeMeter vulnerabilities
in their Xsoft-CODESYS programming software.

NOTE: This is the first CodeMeter advisory that is specifically tied to the 4th party CODESYS implmenetation of the Wibu-Systems code that I have seen.

HMS Advisory

HMS published an advisory for the Ripple20 vulnerabilities,
reporting that none of their products are affected.

NOTE: The advisory indicates that HMS employed a third-party
research firm to help them assess the potential exposure to these vulnerabilities.

Bender Advisory

Bender published an advisory
describing an improper authentication vulnerability in their COMTRAXX products.
The vulnerability was reported by Maxim Rupp. Bender has a new software version
that mitigates the vulnerability. There is no indication that Maxim has been
provided an opportunity to verify the efficacy of the fix.

Sprecher Advisory

Sprecher published an advisory
describing an input validation vulnerability in their SPRECON-E engineering
tools. The vulnerability was reported by Gregor Bonney of CyberRange-e at
Innogy. Sprecher has a firmware update that mitigates the vulnerability. There
is no indication that Bonney has been provided an opportunity to verify the efficacy
of the fix.

Bosch Advisory

Bosch published an
advisory
describing the Microsoft® remote
desktop services vulnerability
in their Rexroth industrial PCs.

Rockwell Advisory

Rockwell published an
advisory
describing five buffer overflow vulnerabilities in their 1794-AENT
Flex I/O products. The vulnerabilities were reported (here,
here
and here)
by Jared Rittle of Cisco Talos. Rockwell provides generic workarounds to
mitigate these vulnerabilities.

NOTE: The Cisco Talos reports provide proof-of-concept code
for the vulnerabilities.

Carestream Advisory

Carestream published an
advisory
[.PDF download link] describing the Microsoft Bad
Neighbor
vulnerability. Carestream is looking into the potential effects of
this vulnerability on their products.

ABB Update

ABB published an
update
of their CodeMeter advisory for their Automation Builder products
that was originally
published
on September 17th, 2020. ABB reports that CVE-2020-14517
has not been closed in the latest version of the Wibu-Systems CodeMeter (v.7.10a).
That version has been integrated into the latest version of Automation Builder.

Eaton Updates

Eaton published an
update
for their Ripple20 advisory
that was originally
published
 on June 23rd, 2020 and most
recently updated
on July 24th, 2020. The new information
includes updated mitigation information for Form 4D.

Eaton published an
update
for their Triangle MicroWorks
DNP3 Outstation Libraries
vulnerability advisory that was originally
published
on April 22nd, 2020 and most recently updated on
August 6th, 2020. Eaton has updated their affected product list and
mitigation measures.

NOTE: The NCCIC-ICS advisory was never updated to provide
links to vendors reporting these library vulnerabilities in their products.

BACnet Exploit

Zero Science Lab published an
exploit
for a remote denial of service vulnerability in the BACnet Test
Server from BACnet Interoperability Test Services, Inc. There is no report of a
coordinated disclosure or CVE # for this vulnerability so it looks like it may
be a 0-day exploit.

More to Come

Part II of this post will include Schneider and Siemens
advisories and updates.

By admin