Redcon

Redcon REDCON is short for Readiness Condition, a term associated with a military unit’s readiness to respond to and engage in combat operations.

Please be aware of vulnerabilities related to multiple Yokogawa products according to CISA.Affected Model: Exaopc (R1.01...
07/10/2019

Please be aware of vulnerabilities related to multiple Yokogawa products according to CISA.
Affected Model: Exaopc (R1.01.00 - R3.77.00), Exaplog (R1.10.00 - R3.40.00), Exaquantum (R1.10.00 - R3.02.00), Exaquantum/Batch (R1.01.00 - R2.50.40), Exasmoc (All Revisions), Exarqe (All Revisions), GA10 (R1.01.01 - R3.05.01), InsightSuiteAE (R1.01.00 - R1.06.00)

Applicability: Used in multiple industrial control and automation systems

Protocols: NIL

Vulnerability:

Successful exploitation of this vulnerability could allow an attacker to execute malicious files. The exploitation is a low skill level and requires the attacker to have authentication credentials and successfully authenticate on the system. This vulnerability cannot be exploited remotely.
Yokogawa has provided countermeasures on the affected products.

Common Vulnerabilities & Exploits (CVE) code: CVE-2019-6008

Criticality: CVSS score of 8.4, HIGH [CVSS vector string: https://www.first.org/cvss/calculator/3.0 :3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H]

Researchers: Vendor Self-Declared

Sources:
- https://www.us-cert.gov/ics/advisories/icsa-19-274-02
- https://isssource.com/yokogawa-countermeasures-for-vulnerability/
- https://www.cybersecurity-help.cz/vdb/SB2019100204?affChecked=1
- https://web-material3.yokogawa.com/1/28032/files/YSAR-19-0003-E.pdf?_ga=2.240459584.213272689.1570352483-1565894553.1567324952
It is advised for IACS End-Users to check with the Yokogawa for further updates. It is advised for IACS End-Users to perform proper impact analysis and risk assessment prior to deploying defensive measures.

For an archived list of published threat advisory, please visit http://www.redconsa.sg/TA/index.html.

Hover over metric group names, metric names and metric values for a summary of the information in the official CVSS v3.0 Specification Document. The Specification is available in the list of links on the left, along with a User Guide providing additional scoring guidance, an Examples document of sco...

This is an update to IACS - 20190724-1 - Critical Vulnerabilities in the Latest Generation of the Siemens Proprietary Cr...
13/09/2019

This is an update to IACS - 20190724-1 - Critical Vulnerabilities in the Latest Generation of the Siemens Proprietary Cryptographic Protocol in the S7.

Affected Model: SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions) [UPDATE-20190912]

Applicability: Used in multiple industrial control and automation systems

Protocols: Latest proprietary cryptographic protocol in the S7

Vulnerability:

Vulnerabilities in the Siemens S7 Simatic architecture allows spoofed TIA engineering station to manipulate operations of the affected PLC by remotely starting and stopping the PLC , including downloading of rogue command logic to the S7 PLC. The rogue logic is obfuscated in the PLC, and would only show legitimate PLC source code even if checked by a process engineer. Therefore the malicious code will continue to run in the background and issuing rogue commands to the PLC.

Siemens advises enabling the "access protection" feature in its Simatic

S7-1200 and S7-1500 to prevent "unauthorized modifications" of the devices.

It is explained by researchers from Tel Aviv University that Siemens S7 PLCs share same crypto key-pair.

Common Vulnerabilities & Exploits (CVE) code: CVE-2019-10929 [UPDATE-20190912]

Criticality: CVSS score of 5.9, MEDIUM [UPDATE-20190912]

Researchers: Tel Aviv University

Sources:
- https://www.darkreading.com/vulnerabilities---threats/siemens-s7-plcs-share-same-crypto-key-pair-researchers-find-/d/d-id/1335452 [UPDATE-20190912]
-https://i.blackhat.com/USA-19/Thursday/us-19-Bitan-Rogue7-Rogue-Engineering-Station-Attacks-On-S7-Simatic-PLCs-wp.pdf [UPDATE-20190912]
-https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf [UPDATE-20190912]
- https://nvd.nist.gov/vuln/detail/CVE-2019-10929 [UPDATE-20190912]
It is advised for IACS End-Users to check with the Siemens ProductCERT to for further updates, and if their similar products are affected by the same vulnerabilities.

For an archived list of published threat advisory, please visit http://www.redconsa.sg/TA/index.html.

To subscribe, please send email to [email protected] with Subject: Subscribe Me

Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Please be aware of 2 critical vulnerabilities related to Microsoft Operating System which was recently disclosed by zero...
13/09/2019

Please be aware of 2 critical vulnerabilities related to Microsoft Operating System which was recently disclosed by zerodayinitiative.

Microsoft OS is widely adopted by many OT manufacturers in their products. It is widely proliferated across multiple industries such as aerospace and defense, medical devices, industrial equipment, robotics, energy, transportation, network infrastructure, automotive, and consumer electronics.

Affected OS: Windows 7 to Windows Server 2019
Applicability: Broad spectrum
Protocols: Nil
Vulnerability:
An authenticated cyber attacker with low privilege can exploit both Winsock (ws2ifsl.sys) and CLFS vulnerabilities and escalates from User level to Administrator level access, leading to system compromise and takeover.
Both vulnerabilities are currently known to be exploited, likely already weaponised.
Common Vulnerabilities & Exploits (CVE) code:
CVE-2019-1215
CVE-2019-1214
Criticality: Under analysis by NIST
Researchers: zerodayinitiative
Sources:
- https://www.zerodayinitiative.com/blog/2019/9/10/the-september-2019-security-update-review
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214

It is advised for both IT and OT End-Users plan patch rollout as soon as possible. It is advisable to perform proper impact analysis and risk assessment prior to deploying defensive measures.

For an archived list of published threat advisory, please visit http://www.redconsa.sg/TA/index.html.

To subscribe, please send email to [email protected] with Subject: Subscribe Me

September is upon us and with it brings the latest security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for September 2019 Adobe had a small release for

Happy 54th Birthday Singapore!
09/08/2019

Happy 54th Birthday Singapore!

Address

71 Bukit Batok Crescent #06-11 Prestige Centre
Singapore
658071

Telephone

+65 6265 0012

Website

Alerts

Be the first to know and let us send you an email when Redcon posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Redcon:

Shortcuts

Share

Category