CISA
News
OT Network security
Vendors
Vulnerabilities

CISA warns of critical security vulnerabilities in Emerson, PTC appliances in critical infrastructure

December 22, 2020
critical security vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) warned of critical security vulnerabilities requiring low skill level to exploit Emerson’s Rosemount X-STREAM Gas Analyzer equipment, and PTC’s Kepware KEPServerEX and Kepware LinkMaster hardware.

Used in the energy and chemical segments, enhanced revisions of Emerson’s Rosemount X-STREAM Gas Analyzer software in the XEGP,  XEGK, XEFD and XEXF series are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. These newly disclosed vulnerabilities are in addition to those vulnerabilities disclosed in EMR.RMT20003 and EMR.RMT20005, according to a cybersecurity notification on Emerson’s website.

Successful exploitation of this vulnerability could allow an attacker to download files and obtain sensitive information through a specially crafted URL, CISA said.

CVE-2020-27254 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. Security researcher and consultant Maxim Rupp reported this vulnerability to CISA.

Emerson, in St. Louis, Missouri, advised its users to update the firmware of any affected products, and move to a new release that addresses the issues impacting the affected products. Apart from that, Emerson suggests that users of affected products continue to utilize current cybersecurity industry best practices.

Three critical security vulnerabilities were also detected in the PTC Kepware KEPServerEX connectivity platform, and exploitation of these loopholes could lead to a server crashing, a denial-of-service condition, data leakage or remote code execution.

Affected products are also not protected against a stack-based buffer overflow, as opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code, CISA said in an advisory. The products are also susceptible to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data, and a ‘use after free vulnerability,’ which may allow an attacker to create and close OPC UA connections at a high rate that may cause a server to crash. Developed by the OPC Foundation, the OPC Unified Architecture (OPC UA) is a machine to machine communication protocol for industrial automation.

Uri Katz of Claroty reported these vulnerabilities to PTC. Deployed in critical manufacturing environments, PTC’s Kepware LinkMaster, a Windows application linking data between OPC servers, including version 3.0.94.0 and prior, CISA said in another advisory. Exploitation of the incorrect default permissions vulnerability could allow a local attacker to globally overwrite the service configuration to execute arbitrary code with NT SYSTEM privileges, and may grant an attacker access to reconfigure the service in any manner.

A CVE-2020-13535 has been assigned to this vulnerability, and a CVSS v3 base score of 9.3 has been calculated. Yuri Kramarz of Cisco Talos reported this vulnerability to the PTC, which has released updates, and recommends that its users upgrade to the most current supported version of its products.

These advisories come after Siemens issued six new industrial control systems (ICS) security advisories and updated 13 previous ones, following vulnerabilities in its SIMATIC, SICAM, SENTRON, SIRIUS, XHQ and LOGO! 8 products, while the updated advisories relate to the company’s LOGO, SIMATIC, SCALANCE, Profinet and UMC stack. French multinational Schneider Electric was also hit by a series of critical security vulnerabilities across their ICS.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape