Several vulnerabilities discovered by Kaspersky researchers in Rockwell Automation software impact industrial products from Schneider Electric, GE and other vendors.
The security holes were identified by Kaspersky researchers in Rockwell Automation’s ISaGRAF, which is designed for the development of automation products.
The most serious of them appears to be CVE-2020-25176, a critical issue that can be exploited by “a remote attacker authenticated on the IXL [ISaGRAF eXchange Layer] protocol to traverse an application’s directory, which could lead to remote code execution.”
Another potentially serious issue is CVE-2020-25178, a high-severity flaw related to the cleartext transmission of sensitive information. A remote, unauthenticated attacker can exploit it to upload, read or delete files.
CVE-2020-25184, which has also been rated high severity, can be exploited by a local, unauthenticated attacker to obtain user passwords, which are stored in plain text in a file.
Two other vulnerabilities identified by Kaspersky have been rated medium severity. One allows a local, unauthenticated attacker to execute arbitrary code, while the other can lead to information disclosure and can be exploited remotely without authentication.
Evgeny Goncharov, head of the ICS Cyber Emergency Response Team at Kaspersky, told SecurityWeek that the impact of these vulnerabilities — if they were to be exploited in attacks — depends on what the targeted device is used for.
“As some of the affected products are known to be used to control industrial enterprise mission-critical assets and for that reason essential parts of the enterprise technological process depend on them, the potential attack consequences could be pretty devastating,” Goncharov warned.
In an advisory published this week, Rockwell Automation said the vulnerabilities impact its AADvance control system, ISaGRAF Runtime and ISaGRAF6 Workbench tools, and Micro800 controllers.
In its own advisory released this week, Schneider Electric said several of its industrial automation products use ISaGRAF Runtime and ISaGRAF6 Workbench, including Easergy, MiCOM, PACiS, EPAS, Saitel, SCADAPack, SCD2200 and SAGE products — many of these are remote terminal units (RTUs).
“ISaGRAF Workbench is used to program applications for embedded devices using IEC 61131-3 languages, and may be incorporated into larger programming and configuration tools. The ISaGRAF Runtime module executes the process control code created in ISaGRAF Workbench on embedded devices,” Schneider Electric explained in its advisory.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which coordinated disclosure to impacted vendors, also released an advisory this week. CISA’s advisory reveals that GE Steam Power’s ALSPA S6 MFC3000 and MFC1000 control systems are also affected by the ISaGRAF flaws. GE does not appear to have a public advisory, but customers have been advised by CISA to contact the company for information on how the vulnerabilities can be mitigated.
While Schneider, Rockwell and GE have taken steps to address these vulnerabilities, Kaspersky told SecurityWeek that it cannot name the other vendors as they have yet to release patches for their products.