Category Archives: Public safety

Vulnerabilities – Waiting for vendor response – 23rd May 2018

The cyber attacks are wreak havoc today. In order to protect the power facility, water supply, Gas supply and petroleum industry daily operations. The SCADA control system vendor implemented security control in their system infrastructure. However when vulnerabilities encounter on their products. The remediation step of the vendor response sometimes not in effecient. For instance, Advantech one of the key player of SCADA WebAccess. But it lack of motivation to drive the remedation solution on their products. There is no official announcement how to do the remedation on their products so far. Vulnerabilities are shown as below:

CVE-2018-7499 – buffer overflow vulnerabilities which may allow an attacker to execute arbitrary code
CVE-2018-7503 – a path transversal vulnerability which may allow an attacker to disclose sensitive
CVE-2018-7505 – information on the target TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
CVE-2018-10591 – allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.
CVE-2018-10590 – exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
CVE-2018-10589 – WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7497 – several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-8845 – a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7495 – an external control of file name or path vulnerability has been identified, which may
CVE-2018-8841- allow an attacker to delete files.
an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
CVE-2018-7501 – several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.

Siemens – (CVE-2018-4832): Siemens Security Advisory by Siemens Product 18th Apr 2018

The Gas and Petroleum industries requires automation to enhance their overall operation in last decade. And therefore the automation system setup requires Supervisory control and data acquisition (SCADA). We noticed that hackers targeted SCADA system installed in nuclear power facilities. We are living in digital age and therefore electricity power supply similar air and water. So system automation hardware vendor has responsibility to hardening their system design. Siemens found vulnerability in their Automation Technology Process control systems (PCS 7) on April last month. For more details, please refer below url for reference.

Vulnerability details

https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf

My Speculation:

1. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. An anonymous attacker could exploit the vulnerability by sending a specially crafted RPC authentication request to a computer over the network. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

2. GetMachineName ( ) copies machine name to a fixed 32 byte buffer causes problem occurs.

Attention: Stay Alert – Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Preface:

PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

Security concern by security experts

The security issues are typically exposed when PHP code makes use of system-level calls.

Found critical security problem today! – Original release date: April 27, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-046 and the PHP Downloads page and apply the necessary updates.

See whether any short term remediation can take before upgrade?

1.Restrict PHP Information Leakage

expose_php=Off

2.Disable Remote Code Execution

Allow_url_fopen=Off

allow_url_include=Off

3.Not show errors to the visitors

(/etc/php.d/security.ini file)

log_errors=On

error_log=/var/log/httpd/php_scripts_error.log

4.Disable Dangerous PHP Functions (php.ini)

disable_functions =exec,passthru,

shell_exec,system,proc_open,popen,curl_exec,

curl_multi_exec,parse_ini_file,show_source

5.Upload Files (/etc/php.d/ directory)

file_uploads=Off

6.Control File System Access

always keep the open_basedir directive set to the /var/www/html directory.

open_basedir=”/var/www/html/”

7.Control the POST Size (/etc/php.d/security.ini)

post_max_size=1k

— End —

Nuclear headache – It is better stores the older warheads (old plutonium) on moon or other planet.

As a world justice leader it is hard to avoid to enhance the military setup. From the cold war till today, international atmosphere not significant change the protection definition. This circumstances match the logic since that man kind will be protect himself and his belongs. However a problem encountered was that how to despose or handle the big power killer weapons especially outdate nuclear bomb. Headline news (REUTERS) yesterday said that America’s has nuclear headache. For more details, please refer below url for reference.

https://www.reuters.com/article/us-usa-nukes-plutonium-specialreport/americas-nuclear-headache-old-plutonium-with-nowhere-to-go-idUSKBN1HR1KC

Remark: Send that radioactive stuffs to moon and other planet looks a possible solution. However it is hard to avoid incident occurs during transportation. A reminder is that Plutonium has a radioactive half-life of 24,000 years. So where can they go?