Today the DHS ICS-CERT updated an advisory previously
published for a control system vulnerability in the Westermo industrial switch
and published a new advisory for Moxa’s OnCell products. The Westermo advisory
was originally
published in January, 2016.
Moxa Advisory
This advisory
describes two vulnerabilities in the Moxa OnCell product. The vulnerabilities
were reported by Maxim Rupp. Moxa has produced new firmware to mitigate these
vulnerabilities, but there is no indication that Rupp was provided an
opportunity to verify the efficacy of the fix.
The reported vulnerabilities are:
• Improper restriction of excess
authentication attempts - CVE-2016-5799; and
• Plain-text storage of passwords - CVE-2016-5812
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to bypass authentication to log in as a
valid user.
Rhetorical Question: Has Maxim Rupp selected Moxa to
be his personal research project?
NOTE: According to a TWEET from Maxim Rupp the advisory does not list all of the affected devices. Sounds like a case where the vendor does not acknowledge all of the affected devices. ICS-CERT certainly does not test them. Added 08-24-16 0630 EDT.
NOTE: According to a TWEET from Maxim Rupp the advisory does not list all of the affected devices. Sounds like a case where the vendor does not acknowledge all of the affected devices. ICS-CERT certainly does not test them. Added 08-24-16 0630 EDT.
Westermo Update
This update
explains that Westermo has now produced a patch that that allows changing
default certificates to custom certificates instead of requiring the
certificates to be changed manually.
NOTE: ICS-CERT announced this
update on TWITTER® today. Without that notification it would be very difficult
to know that the advisory had been updated.
Posts
No comments:
Post a Comment