In the second part of this week’s ‘Public ICS Disclosure’ we
have two vendor disclosures from Schneider that were missed by NCCIC-ICS. We
also have five updates from Schneider (4) and Siemens. There were two end-of-life
notices published by Honeywell. There is also a researcher report about
products from FreyrSCADA.

Schneider Advisories

Schneider published an
advisory
describing an improper input validation vulnerability in their EcoStruxure™
Operator Terminal Expert and Pro-face BLUE products. The vulnerability is
self-reported. Schneider has a new service pack that mitigates the
vulnerability.

 

Schneider published an
advisory
describing a heap-based buffer overflow in their Sepam ACE850
communications interface. This is a third-party (Treck)
vulnerability. Schneider provides generic workarounds to mitigate the
vulnerability.

NOTE: Schneider is reporting just one of the four latest
Treck vulnerabilities reported
by
NCCIC-ICS.

Schneider Updates

Schneider published an
update
for their general Ripple20 advisory
 that was originally
published
 on June 23, 2020 and most
recently updated 
on December 8th, 2020. The new
information includes adding mitigation measures for PowerLogic PM5000 Series
Power Meters.

 

Schneider published an
update
for their APC Ripple20 advisory
that was  originally
published
 on June 23, 2020 and most recently updated on
December 18th, 2020. The new information includes updating the
mitigation measures for their Uninterruptible Power Supply (UPS) using NMC3.

 

Schneider published an
update
for their EcoStruxure™ Operator Terminal Expert advisory that was originally
published
on November 10th, 2020. The new information includes
adding Pro-face BLUE and WinGP to the list of affected products.

 

Schneider published an
update
for their Modicon advisory that was originally
published
on November 10th, 2020 and most
recently updated
on December 8th, 2020. The new information
includes adding M100/M200 to the list of affected products.

NOTE: NCCIC-ICS published their report (ICSA-20-334-04)
on these vulnerabilities for the previous Schneider revision, so I suppose they
should have updated their advisory, but it is getting kind of confusing here.

Siemens Update

Siemens published an update for their CodeMeter advisory
that was that was originally
published
on September 8th, 2020 and most recently updated on November
10th, 2020. The new information includes updating mitigation
measures for PCS neo and SPPA T3000.

Honeywell End-of-Life Notices

Honeywell published an end-of-life
notice
[.PDF download link] for PRO3200 Series Access Control Boards.

Honeywell published an end-of-life
notice
[.PDF download link] for PW6000 Series Access Control Boards.

NOTE: I think that it is commendable that Honeywell takes
the time to publish end-of-life notices for their now unsupported equipment.
This means that any new vulnerabilities discovered in these products will not
be fixed. Owners of this equipment should definitely start considering
replacing them with newer products.

FreyrSCADA Report

Talos published a
report
describing a comparison of incompatible type vulnerability in the
FreyrSCADA IEC104 server simulator. It is a coordinated disclosure with
FreyrSCADA reportedly providing a patch to mitigate the vulnerability. The
Talos report includes proof-of-concept code.

By admin