LOYTEC Mitigates Multiple HMI Holes

Thursday, September 14, 2017 @ 03:09 PM gHale


HMI touch panel provider, LOYTEC, created a firmware update to mitigate multiple vulnerabilities in its LVIS-3ME, according to a report with ICS-CERT.

The remotely exploitable vulnerabilities, discovered by Davy Douhine of RandoriSec, include a relative path traversal, insufficient entropy, cross-site scripting, and insufficiently protected credentials.

RELATED STORIES
Philips Addresses Patient Worn Monitor Holes
mySCADA Fixes myPRO Hole
Fix for Infusion Pump Issues in Jan.
Diabetes Management Software Hole Filled

LVIS-3ME versions prior to 6.2.0 suffer from the vulnerabilities.

Successful exploitation of these vulnerabilities may result in information exposure or allow arbitrary code execution.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level would be able to leverage the vulnerabilities.

In one vulnerability, the web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.

CVE-2017-13996 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

In the insufficient entropy vulnerability, the application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.

CVE-2017-13992 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

In addition, the web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.

CVE-2017-13994 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

Also, the application does not sufficiently protect sensitive information from unauthorized access.

CVE-2017-13998 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use in the critical manufacturing and energy sectors. It also sees use on a global basis.

Austria-based LOYTEC released a firmware update, V6.2.0, to address these vulnerabilities. LOYTEC recommends users update to the latest firmware which is now available.



Leave a Reply

You must be logged in to post a comment.