The Cybersecurity and Infrastructure Security Agency (CISA) warned of critical security vulnerabilities, exploitable with a low skill level, in Emerson’s Rosemount X-STREAM Gas Analyzer equipment and in PTC’s Kepware KEPServerEX and Kepware LinkMaster products.
Used in the energy and chemical segments, enhanced revisions of Emerson’s Rosemount X-STREAM Gas Analyzer software in the XEGP, XEGK, XEFD and XEXF series are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. These newly disclosed vulnerabilities are in addition to those vulnerabilities disclosed in EMR.RMT20003 and EMR.RMT20005, according to a cybersecurity notification on Emerson’s website.
Successful exploitation of this vulnerability could allow an attacker to download files and obtain sensitive information through a specially crafted URL, CISA said.
CVE-2020-27254 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. Security researcher and consultant Maxim Rupp reported this vulnerability to CISA.
Emerson, in St. Louis, Missouri, advised its users to update the firmware of any affected products, and move to a new release that addresses the issues impacting the affected products. Apart from that, Emerson suggests that users of affected products continue to utilize current cybersecurity industry best practices.
Three critical security vulnerabilities were also detected in the PTC Kepware KEPServerEX connectivity platform, and exploitation of these flaws could lead to a server crash, a denial-of-service condition, data leakage or remote code execution.
Affected products are also exposed to a stack-based buffer overflow: opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code, CISA said in an advisory. The products are also susceptible to a heap-based buffer overflow, where opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data, and to a use-after-free vulnerability, which may allow an attacker who creates and closes OPC UA connections at a high rate to crash the server. Developed by the OPC Foundation, OPC Unified Architecture (OPC UA) is a machine-to-machine communication protocol for industrial automation.
Uri Katz of Claroty reported these vulnerabilities to PTC. Deployed in critical manufacturing environments, PTC’s Kepware LinkMaster, a Windows application that links data between OPC servers, is affected in version 184.108.40.206 and prior, CISA said in another advisory. Exploitation of the incorrect default permissions vulnerability could allow a local attacker to globally overwrite the service configuration and execute arbitrary code with NT SYSTEM privileges, and may grant an attacker the ability to reconfigure the service in any manner.
CVE-2020-13535 has been assigned to this vulnerability, and a CVSS v3 base score of 9.3 has been calculated. Yuri Kramarz of Cisco Talos reported this vulnerability to PTC, which has released updates and recommends that users upgrade to the most current supported version of its products.
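The incorrect-default-permissions class described above is one an administrator can check for directly. The following PowerShell audit is an added example, not code from CISA, PTC or the advisory: given a service name, it lists files and folders under the service's install directory on which low-privileged principals hold write rights. The service name is a parameter and no LinkMaster-specific paths are assumed.

```powershell
# Added example: audit a Windows service's install directory for ACEs that let
# low-privileged principals modify files (the weak-default-permissions pattern
# that lets a local user reconfigure a SYSTEM service). Service name is supplied
# by the caller; no product-specific path is assumed.
param(
    [Parameter(Mandatory = $true)][string]$ServiceName
)

# Principals that should never hold write rights on a service's files.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a principal change what the service loads or reads.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

# PathName may be quoted and may carry arguments; extract the executable path.
$exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
$dir = Split-Path -Parent $exe
Write-Host "Service '$ServiceName' runs as '$($svc.StartName)' from '$dir'"

# Check the install directory itself plus everything beneath it.
@(Get-Item -LiteralPath $dir) + @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue) |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $LowPrivPrincipals -contains $ace.IdentityReference.Value -and
                (($ace.FileSystemRights -band $WriteMask) -ne 0)) {
                # Each hit is a file or folder a standard user could tamper with.
                [pscustomobject]@{
                    Path      = $_.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
```

An empty result means no file the service loads from its own install tree is writable by the listed principals; any hit should be tightened to read-only for standard users before the host is considered remediated.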
These advisories come after Siemens issued six new industrial control systems (ICS) security advisories and updated 13 previous ones, covering vulnerabilities in its SIMATIC, SICAM, SENTRON, SIRIUS, XHQ and LOGO! 8 products, while the updated advisories relate to the company’s LOGO, SIMATIC, SCALANCE, Profinet and UMC stack. French multinational Schneider Electric was also hit by a series of critical security vulnerabilities across its ICS products.