March 6, 2021

SpywareNews.com


3 Advisories Published – 2-23-21

Today CISA’s NCCIC-ICS published three control system security advisories
for products from Advantech (2) and Rockwell Automation.

Spectre RT Advisory

This advisory describes nine vulnerabilities in the Advantech Spectre RT
Industrial Routers. The vulnerabilities were reported by Ilya Karpov and
Evgeniy Druzhinin of Rostelecom-Solar and Vlad Komarov of ScadaX. Advantech
has a newer version that mitigates the vulnerabilities. There is no indication
that the researchers have been provided an opportunity to verify the efficacy
of the fix.

The nine reported vulnerabilities are:

• Improper neutralization of input during web page generation – CVE-2019-18233,
• Cleartext transmission of sensitive information – CVE-2019-18231,
• Improper restriction of excessive authentication attempts – CVE-2019-18235,
• Use of broken or risky cryptographic algorithm (3) – CVE-2018-20679, CVE-2016-6301, and CVE-2015-9261 {3rd party vulnerabilities (BusyBox)}, and
• Use of platform-dependent third-party components (3) – CVE-2016-2842, CVE-2016-0799, CVE-2016-6304 {3rd party vulnerabilities (OpenSSL)}.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow information disclosure,
deletion of files, and remote code execution. A number of the NIST CVE reports
contain links to publicly available exploits for selected vulnerabilities.

NOTE: I briefly discussed these vulnerabilities back in January.

BB-ESWGP Advisory

This advisory describes a use of hard-coded credentials vulnerability in the
Advantech BB-ESWGP506-2SFP-T industrial Ethernet switches. The vulnerability
was reported by an anonymous researcher via the Zero Day Initiative. Advantech
no longer supports this product.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to gain unauthorized access to
sensitive information and execute arbitrary code.

Rockwell Advisory

This advisory describes a use of password hash with insufficient computational
effort vulnerability in the Rockwell FactoryTalk Services Platform. The
vulnerability is self-reported. Rockwell has a new version that mitigates the
vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to allow a remote, unauthenticated
attacker to create new users in the FactoryTalk Services Platform
administration console. These new users could allow an attacker to modify or
delete configuration and application data in other FactoryTalk software
connected to the FactoryTalk Services Platform.

NOTE: I briefly discussed this vulnerability in August of last year.