ICS Advisory (ICSA-20-224-04) Siemens SCALANCE, RUGGEDCOM

SCADAfence Research - Siemens SCALANCE and RUGGEDCOM switches, as well as security network segmentation devices are exposed to a Remote Code Execution vulnerability. A successful exploitation can significantly lower the security of the target organization's network by allowing attackers to access OT networks that are supposed to be protected by those devices.

Additionally, Siemens Desigo CC Windows Application, which is designed for controlling and programming Building Management Systems (BMS) is vulnerable to a Remote Code Execution vulnerability. A successful exploitation may result in the attackers controlling or sabotaging the BMS system.

Bugs in HDL Automation Expose IoT Devices to Remote Hijacking

SCADAfence Research - New vulnerabilities were discovered in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and control associated devices. The vulnerabilities found in those devices might allow attackers to take control of the building's air conditioning system, lightning and more. For more on BMS security, click here.

Vulnerable Perimeter Devices: A Huge Attack Surface

SCADAfence Research - JSOF, a local team of cybersecurity researchers, released the second whitepaper on their DNS client exploitation vulnerability (CVE-2020-11901) that got CVSS score of 9.1. This was the vulnerability that was demonstrated in their video. They show this vulnerability to be really severe but in my opinion it is less severe than they market it. The vulnerability is the DNS client of target devices. Because most of the affected devices don't use DNS at all (i.e,PLCs / OT devices / Medical devices) generally use direct IP addresses to communicate - not DNS hostnames, thus it is not possible to attack them. Also, if some of them do send DNS queries, you have to be in some sort of MITM to see them and send them a response with an exploit.

The latest vulnerabilities in various gateway servers possess a threat to organizations who didn't patch. Research shows the various gateways exposed to the internet - F5 Big-IP (1M devices), Citrix NetScalar Gateway (80K devices), Palo Alto Global Protect (60K devices), Microsoft Remote Desktop Gateway (40K devices), amongst others. For more on IoT security, click here.

ICS Advisory (ICSA-20-212-02) Mitsubishi Electric Multiple Factory Automation Engineering Software Products

SCADAfence Research - Numerous Mitsubishi Engineering Software Products are vulnerable to remote code execution and denial of service vulnerabilities - A total of 3 vulnerabilities were discovered. Among the software impacted are Mitsubishi's PLC programming software GX Works2 and GX Works3. Also other network configuration software are impacted. Successful exploitation of this vulnerability may allow threat actors to take over engineering workstations. For more vulnerabilities that we found in Mitsubishi Electric products, click here.

ICS Advisory (ICSA-20-210-02) Softing Industrial Automation OPC

SCADAfence Research - A buffer overflow allowing Remote Code Execution influencing all Softing Industrial Automation OPC products (OPC servers for PLCs & networks) was discovered. OPC is a way of communication in OT networks, thus, successful exploitation may result in controlling the OPC servers. Attackers leveraging this can cause sabotage to industrial processes.

The OT & IoT Cybersecurity Feed