WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products
2019-025-PGGA-VxWorks IPNET
Release date: July 30, 2019
Update date: Jul 31, 2019
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
Copyright © 2019 ABB. All rights reserved.
Vulnerability ID
ABB ID: 2019-025-PGGA-VxWorks IPNet
Summary
On the 29th of July 2019, a series of vulnerabilities from Wind River affecting the VxWorks operating system were made public. That announcement can be found at the following address: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
ABB Grid Automation is preparing patches or fixes that address these VxWorks vulnerabilities for the active ABB Grid Automation products that use VxWorks. We are currently analyzing the issue and planning maintenance releases for a future date.
The Wind River vulnerability CVE numbers and titles are listed in the table below:
CVE | Title | CVSSv3 Score |
CVE-2019-12255 | TCP Urgent Pointer = 0 leads to integer underflow | 9.8 |
CVE-2019-12256 | Stack overflow in the parsing of IPv4 packets’ IP options | 9.8 |
CVE-2019-12257 | Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc | 8.8 |
CVE-2019-12258 | DoS of TCP connection via malformed TCP options | 7.5 |
CVE-2019-12259 | DoS via NULL dereference in IGMP parsing | 6.3 |
CVE-2019-12260 | TCP Urgent Pointer state confusion caused by malformed TCP AO option | 9.8 |
CVE-2019-12261 | TCP Urgent Pointer state confusion during connect() to a remote host | 8.8 |
CVE-2019-12262 | Handling of unsolicited Reverse ARP replies (Logical Flaw) | 7.1 |
CVE-2019-12263 | TCP Urgent Pointer state confusion due to race condition | 8.1 |
CVE-2019-12264 | Logical flaw in IPv4 assignment by the ipdhcpc DHCP client | 7.1 |
CVE-2019-12265 | IGMP Information leak via IGMPv3 specific membership report | 5.4 |
Affected Products
ABB PGGA is still investigating the potentially affected products, and to date ABB has identified the following products which are affected by the vulnerabilities in VxWorks. This document provides additional information specific for those products:
Products and Affected Versions |
RTU500 series CMU firmware Release 11.0.x – 11.5.x |
Relion 670 series version 2.2.0.9 through version 2.2.0.12 |
Relion 670 series version 2.2.3.0 and version 2.2.3.1 |
Relion SAM600-IO version 2.2.1.0 through version 2.2.1.4 |
GMS600 through version 1.3 |
REB500 version 8.10.00 |
AFS66X-S version 07.0.07 and lower |
FOX615 IEC 61850 interface version TEGO1 R1B02 and lower |
ETL600, LAN module R1LB version 1.07 and lower |
NSD570 Line interface G3LE version 3.41 and lower |
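The following is an added example, not part of the ABB advisory: a sketch of how an asset owner could match a firmware inventory against the version ranges in the table above, comparing versions numerically so that 2.2.0.12 sorts above 2.2.0.9. The product keys, host names and inventory rows are constructed. It assumes a version with more components than a bound is compared on the bound's components only (needed for "11.0.x – 11.5.x"), and it omits FOX615 because the page does not define an ordering for revision strings such as R1B02.

```python
def ver(s):
    """Parse a dotted version into a tuple of ints; raises ValueError otherwise."""
    return tuple(int(p) for p in s.split("."))

# (product key, low, high), inclusive, transcribed from the advisory table.
# low=None encodes "and lower" / "through". Product keys are hypothetical labels.
AFFECTED = [
    ("RTU500 CMU", "11.0", "11.5"),            # Release 11.0.x to 11.5.x
    ("Relion 670", "2.2.0.9", "2.2.0.12"),
    ("Relion 670", "2.2.3.0", "2.2.3.1"),
    ("Relion SAM600-IO", "2.2.1.0", "2.2.1.4"),
    ("GMS600", None, "1.3"),
    ("REB500", "8.10.00", "8.10.00"),
    ("AFS66X-S", None, "07.0.07"),
    ("ETL600 R1LB", None, "1.07"),
    ("NSD570 G3LE", None, "3.41"),
]

def is_affected(product, version):
    """True if in a listed range, False if not, None if the version is not numeric."""
    try:
        v = ver(version)
    except ValueError:
        return None  # cannot decide automatically; needs manual review
    for name, low, high in AFFECTED:
        if name != product:
            continue
        lo, hi = (ver(low) if low else None), ver(high)
        # Assumption: compare only as many components as the bound specifies.
        if (lo is None or v[:len(lo)] >= lo) and v[:len(hi)] <= hi:
            return True
    return False

# Constructed sample inventory: (host, product key, firmware version).
INVENTORY = [
    ("rtu-sub-01", "RTU500 CMU", "11.5.3"),
    ("rtu-sub-02", "RTU500 CMU", "12.0.1"),
    ("ied-bay-07", "Relion 670", "2.2.0.12"),
    ("ied-bay-08", "Relion 670", "2.2.2.0"),
    ("sw-ring-03", "AFS66X-S", "07.0.07"),
]

def triage(inventory):
    """Return rows that are affected or undecidable (anything not clearly False)."""
    return [row for row in inventory if is_affected(row[1], row[2]) is not False]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is in a listed affected range")
```

A `False` result only means the version is outside the ranges listed in this revision of the advisory, which states that the investigation of affected products is still ongoing.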
Mitigation Factors
Recommended security practices and firewall configurations can help protect an industrial control network from attacks that originate from outside the network. Such practices include ensuring that protection, control & automation systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by a firewall system that exposes a minimal number of ports; other practices have to be evaluated case by case. Protection, control & automation systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Block all non-trusted IP communications.
The impact of the vulnerabilities above can be greatly reduced by implementing a firewall to restrict external network connectivity to the affected devices.
Support
For additional information and support please contact your ABB service organization. Please contact cybersecurity@ch.abb.com for further information. Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
STATUS | SECURITY LEVEL | DOCUMENT ID. | REV. | LANG. |
Approved | Public | 9AKK107492A6692 | B | EN |