The CISA NCCIC-ICS published three control system security
advisories for products from MB connect line, Rockwell Automation and Hitachi ABB
Power Grids.

MB Connect Advisory

This advisory describes 18 vulnerabilities in the MB connect line mymbCONNECT24 and
mbCONNECT24 remote access products. The vulnerabilities were reported by OTORIO.
MB connect has a new version that mitigates most of the vulnerabilities; the
remaining vulnerabilities will be fixed in a future release. There is no
indication that the researchers have been provided an opportunity to verify the
efficacy of the fix.

The 18 reported vulnerabilities are:

• Improper privilege management (4) – CVE-2020-12527, CVE-2020-12528, CVE-2020-35557, and CVE-2020-10384,

• Server-side request forgery (3) – CVE-2020-12529, CVE-2020-35558, and CVE-2020-35561,

• Cross-site scripting (4) – CVE-2020-12530, CVE-2020-35563, CVE-2020-35564, and CVE-2020-35569,

• Uncontrolled resource consumption – CVE-2020-35559,

• Open redirect – CVE-2020-35560,

• Insecure default initialization of resource – CVE-2020-35565,

• PHP remote file inclusion – CVE-2020-35566,

• Use of hard-coded credentials – CVE-2020-35567,

• Exposure of sensitive information to an unauthorized actor – CVE-2020-35568, and

• Files or directories accessible to external parties – CVE-2020-35570

NCCIC-ICS reports that a relatively low-skilled attacker could
remotely exploit the vulnerabilities to gain unauthorized access to
arbitrary information or to execute code remotely.
The OTORIO report lists the same general potential effects with much more
vivid language.

NOTE: The OTORIO report refers to ‘more than 20 critical
security flaws’, but does not provide a list of the vulnerabilities.

Rockwell Advisory

This advisory describes an improper input validation vulnerability in the
Rockwell CompactLogix and ControlLogix controllers. The
vulnerability was reported by Yeop Chang. Rockwell has newer firmware that
mitigates the vulnerability. There is no indication that the researcher has
been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability by sending specially
crafted CIP packet requests to a controller, which may cause denial-of-service
conditions in communications with other products.

Hitachi ABB Advisory

This advisory describes two vulnerabilities in the Hitachi ABB Ellipse Enterprise Asset
Management products. The vulnerabilities are self-reported. Hitachi ABB has a
new version that mitigates the vulnerabilities.

NOTE: The Hitachi ABB advisory
states that the vulnerability was reported to them by a private individual via
responsible disclosure. There is no indication that the individual was
provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Cross-site scripting – CVE-2021-27416, and

• User interface misrepresentation of critical information – CVE-2021-27414

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to steal
sensitive information, hijack a user’s session, or compromise authentication
credentials.

Author Of this post: PJCoyle