Category Archives: Potential Risk of CVE

Potential Risk of CVE, Under our observation

2018-07-18 – Jenkins Security Advisory

Jenkins is the leading open-source automation server. Built with Java, it provides over 1000 plugins to support automation. Is it a robot?

Basically, Jenkins is commonly used for building projects, running tests to detect bugs and other issues as soon as they are introduced, static code analysis and deployment.

For instance combining Jenkins and Docker together can bring improved speed and consistency to your automation tasks.

That is you can configure Jenkins to build Docker Images based on a Dockerfile. You can use Docker within a CI/CD pipeline, using Images as a build artefact that can be promoted to different environments and finally production. Usually, the freestyle automated job can create to accomplish a specific task in the CI pipeline, it can be compile the code, run integration tests or deploy application.

Remark:

A complete CI pipeline is made up of three major parts: Integration: Build code and run unit tests.

Delivery: Deploy your application to a staging or production environment.

If Jenkins is sick (vulnerabilities) today? Any worries about that?

An official announment state the following: https://jenkins.io/security/advisory/2018-07-18/#SECURITY-390

 

Potential Risk of CVE, Under our observation

CYBER SECURITY ADVISORY – Panel Builder 800,Improper input validation vulnerability (CVE-2018-10616)

1 Comment

Retrospectively cyber attack encountered on Nuclear power facility in past. The SCADA system facilities vendor are working hard to hardening their device and provided cyber security advisory. An cyber security alert announced by ABB that a software engineering tool for configure Panel 800 has vulnerability occurs. ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. However the vulnerabilites indicated that theattacker could create a specially crafted file and try to trick a person using the Panel Builder 800 to open this file (see below hyperlink – technical note)

http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch

Perhaps the techincal limitation sometimes was happened in their fundemental design. See Alert B in attached diagram. Since panel 800 is a Intel CPU base with Windows CE OS. My concern is that It is not known whether Intel XScale or Marvell Feroceon cores are affected by these issues (Meltdown and Spectre)? But no worries, tomorrow will be a better day!

 

Potential Risk of CVE

26th Jul 2018 – CVE-2018-1046 (POWERDNS)

Cyber attack wreak havoc, perhaps this is a digital world. We focus cyber attacks happens in company and personal workstation in past decade. The smartphones and IoT devices market coverage bigger than hardward devices in business world. From business point of view, it is a good oppuntunities. The telcom services providers will be more business growth. Meanwhile the cyber security attacks looks like a heavy burden in their business operations.

DNS services is the major components of internet server. Their services similar a phone book.

f you are the customer of PowerDNS, you must be stay alert! For more details, please see below reference (Hyperlink):

PDNS before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1046

Potential Risk of CVE

Security Advisory for Vulnerabilities in QNAP (Q’center) Virtual Appliance – Jul 2018

QNAP’s Network Attached Storage(NAS) is the friend from SME users. Even thought IT Dept, they are also satisfy with NAS. Since the price is affordable and provides plug and play function. It is common that NAT on firewall will be deploy with Hide NAT. As a result your QNAP’s will be receive the new patch update. At the same time it benefits to hacker once vulnerability occurs.

Please remind that you have to create firewall rule deny NAS go to internet at this moment.

It is better to do the remediation now. See below:

https://www.qnap.com/zh-tw/security-advisory/nas-201807-10

Potential Risk of CVE, Under our observation

25th JUl 2018 – Malicious Cyber Activity Targeting ERP Applications (Stay alert!)

 

A consulting firm observe that the abuse of the SAP Invoker Servlet rapidly increase (built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms)). The fact is that customer may not aware or encounter technical difficulties to remediate a former vulnerability. May be a new attack (former vulnerability + Zero day) let the risk happens.

Quick step of remediation in the moment:

1. Scan systems for all known vulnerabilities, such as missing security patches and dangerous system configurations.

2. Analyze systems for malicious or excessive user authorizations.

3. Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.

4. Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.

Should you have interest of the report. You can go to this place to download.

https://www.onapsis.com/research/reports/erp-security-threat-report

 

Potential Risk of CVE

23rd Jul 2018 – Bluetooth vulnerability

Elliptic Curve Diffie Hellman (ECDH) make man in the middle attack difficult since hacker would not be able to find out the shared secret and therefore it looks secure. The public keys are either static (and trusted, say via a certificate) or ephemeral (also known as ECDHE, where final ‘E’ stands for “ephemeral”). Ephemeral keys are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means. Authentication is necessary to avoid man-in-the-middle attacks. The truth is that similar type of setup has vulnerability occurs.Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange.

Reference: Vulnerability Note VU#304725 Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchangehttps://www.kb.cert.org/vuls/id/304725

Blockchain, Potential Risk of CVE

Ethereum carrier Solidity shield – Call abuse vulnerability (CVE-2018-14087)

An Integer Overflow is the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it. Ethereum hits such vulnerability in frequent. The solidity programming language rescue Ethererum in the cryptocurrency world. But no prefect things in the world. A vulnerability found on Ethereum EUC token recently. The EUC token build by solidity programming language. The guru given his nick name “call abused” vulnerability. For details, please see below hyperlink for references.

Ethereum EUC Token (call abused) – CVE-2018-14087

https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a

Additional information – Ethereum integer overflow vulnerabilities

Ethereum aditus token (CV-2018-12959):

https://github.com/hellowuzekai/blockchains/blob/master/overflow2.md

Ethereum mkcb_token:

https://github.com/hellowuzekai/blockchains/blob/master/README.md

Ethereum singaporecoinorigin token:

https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md

Ethereum stex white list token:

https://github.com/hellowuzekai/blockchains/blob/master/overflow3.md

Ethereum tracto token:

https://github.com/tracto2/Tracto-ERC20/issues/1

Ethereum virgo zodiactoken token:

https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md

Not belongs to integer overflow vulnerability:

Ethereum userwallet 0x0a7bca9fb7af-f26c6ed8029b-b6f0f5d291587c42 token:

https://github.com/hellowuzekai/blockchains/blob/master/delegatecall.md

Potential Risk of CVE, Public safety

A vulnerability has been identified in IEC 61850 system configurator – CVE-2018-4858

When a lot of cyber security Guru focusing the nuclear power and critical facilities. It looks they also requires to includes the power substation. From techincal point of view, control central will be hardening both console and network environment. But how about the configuration console for substation? Does it allow install the configuration software (IEC 61850 system configurator) on notebook for outdoor work? Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products are affected by a security vulnerability which could allow an attacker to either exfiltrate limited data from the system or to execute code with operating system user permissions. Cyber security attack will be exploited different channels. But the major pathway is the product vulnerabilities.

Official announcement by Siemens shown as below:

https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf

Status update: 30th Jul 2018

A vulnerability confirm by vendor that a Denial-of-Service occurs in EN100 Ethernet Communication Module and SIPROTEC 5 relays.

Official announcement by Siemens shown as below:

https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf

Potential Risk of CVE, Public safety, Under our observation, Virus & Malware

Defending the Power Grid From Hackers – Jul 2018

Cyber defense facilities today are very strong and effecive to fight against different of cyber attacks. Even though stealer deploy DNS steal technique to exfiltrate the data from a firm. Anti cyber technology have their way to quarantine and deny such activities. Perhaps you said the IoT devices attack that wreaked hovac worldwide. It is hard to avoid. But it still have resolution. Cyber security vendor deploy network discover facitiles. No matter Dot one X or non Dot one X devices they can find. So it looks perfect, no any concern any more. But why we still have cyber attack incident happens today?

The Next Cyber Battleground

Sound scary! The Next Cyber Battleground
Expert predict that digital infrastructure is the high target to receive cyber attack. That is even through smart City, manufacturing automation, geospatial data system,..etc.

Some experts believe cyber incidents go underreported in the nuclear sector. The reason is that the Nuclear Regulatory Commission only requires the reporting of incidents that affect the safety, security functions, or emergency preparedness of the plant. May be it do not want to caused a public panic.

We heard cyber attack to SCADA in frequent. Whether SCADA contains design weakness or there is other factor?

The SCADA Data Gateway (SDG) is a Windows™ application used by System Integrators and Utilities to collect data from OPC, IEC 60870-6 (TASE.2/ICCP), IEC 61850, IEC 60870-5, DNP3, or Modbus Server/Slave devices and then supplies this data to other control systems supporting OPC, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, and/or Modbus Client/Master communication protocols.

The core component supporting SCADA infrastructure build by Microsoft products in common. And therefore the attack surface will be divided in several ways. We understand that Nuclear facilties do not provided any public web portal. So direct attacks looks not possible. However Microsoft office products has full market coverage in the world. It is rare that people not using MS-Word for word processing work, right? As a matter of fact, hacker now transform MS office product become a cyber attack media. They re-use former MS office vulnerabilities. It has possibilities execute the Infiltration. From technical point of view, even though attacker send out the RTF format of file. It is also workable.

Remark: RTF is a text file format used by Microsoft products, such as Word and Office. RTF, or Rich Text Format, files were developed by Microsoft in 1987 for use in their products and for cross-platform document interchange. RTF is readable by most word processors.

Quote:

Hackers are using Microsoft Word documents (or more specifically, RTF files listed with a “.doc” extension) to trick people into opening the files.

On this discussion objective, I am not going to drill into any technical details. But our aim would like to provides hints see whether it can enrich the security awareness.
Below details common bad mailicious MS-word documents checklist for reference.

722154A36F32BA10E98020A8AD758A7A MD5 FILENAME:CV Controls Engineer.docx
243511A51088D57E6DF08D5EF52D5499 MD5 FILENAME:CV Control Engeneer.docx
277256F905D7CB07CDCD096CECC27E76 MD5 FILENAME:CV Jon Patrick.docx
4909DB36F71106379832C8CA57BA5BE8 MD5 FILENAME:Controls Engineer.docx
4E4E9AAC289F1C55E50227E2DE66463B MD5 FILENAME:Controls Engineer.docx
5C6A887A91B18289A70BDD29CC86EBDB MD5 FILENAME:High R-Value Energy.docx
6C3C58F168E883AF1294BBCEA33B03E6 MD5 FILENAME:CV_Jon_Patrick.docx
78E90308FF107CE38089DFF16A929431 MD5 FILENAME:CV Jon Patrick.docx
90514DEE65CAF923E829F1E0094D2585 MD5 FILENAME:CV_Jon_Patrick.docx
C1529353E33FD3C0D2802BB558414F11 MD5 FILENAME:Build Hydroelectric Turbine.docx
CDA0B7FBDBDCEF1777657182A504283D MD5 FILENAME:Resume_Key_And_Personal.docx
DDE2A6AC540643E2428976B778C43D39 MD5 FILENAME:CV_Jon_Patrick.docx
E9A906082DF6383AA8D5DE60F6EF830E MD5 FILENAME:CV_Jon_Patrick.docx
038A97B4E2F37F34B255F0643E49FC9D MD5 FILENAME:Controls Engineer (2).docx
31008DE622CA9526F5F4A1DD3F16F4EA MD5 FILENAME:Controls Engineer (4).docx
5ACC56C93C5BA1318DD2FA9C3509D60B MD5 FILENAME:Controls Engineer (7).docx
65A1A73253F04354886F375B59550B46 MD5 FILENAME:Controls Engineer (3).docx
8341E48A6B91750D99A8295C97FD55D5 MD5 FILENAME:Controls Engineer (5).docx
99AA0D0ECEEFCE4C0856532181B449B1 MD5 FILENAME:Controls Engineer (8).docx
A6D36749EEBBBC51B552E5803ED1FD58 MD5 FILENAME:Controls Engineeer.docx
3C432A21CFD05F976AF8C47A007928F7 MD5 FILENAME:Report03-23-2017.docx
34A11F3D68FD6CDEF04B6DF17BBE8F4D MD5 FILENAME:corp_rules(2016).docx
141E78D16456A072C9697454FC6D5F58 MD5 FILENAME:corp_rules(2016).docx
BFA54CCC770DCCE8FD4929B7C1176470 MD5 FILENAME:invite.docx
848775BAB0801E5BB15B33FA4FCA573C MD5 FILENAME:Controls Engineer.docx
MD5 FILENAME:corp_rules(2016).docx
MD5 FILENAME:corp_rules(2016).docx
MD5 FILENAME:invite.docx

Happy hunting – bye!