ICS Advisory

Network Time Protocol Vulnerabilities (Supplement)

Alert Code: ICSA-14-353-01 (Supplement)

OVERVIEW

This advisory supplement accompanies the NCCIC/ICS-CERT advisory ICSA-14-353-01, Network Time Protocol Vulnerabilities, which was published December 19, 2014, on the ICS-CERT web site.

Please refer to the original advisory for all the details of the vulnerabilities. The purpose of this advisory supplement is to document which products are affected by these vulnerabilities and suggest how users of these products may mitigate the effects of these vulnerabilities. This document will be updated as needed.

ICS-CERT thanks the following companies for responding to our inquiry on the affected products (listed vendors may have answered yes or no):

Arbiter, Catapult Software, Codesys, Ecava IntegraXor, Festo, Innominate, KEP (Kessler-Ellis Products), Meinberg, Microsys, spol. s r.o., Nordex Energy GmbH, Pepperl+Fuchs GmbH, Progea, Red Lion, Roche Diagnostics GmbH, SELINC, Sielcosistemi, Siemens, Sierra Wireless, SUBNET, Trihedral Engineering Limited, and Wind River Systems.

ICS-CERT encourages any asset owners/operators, developers, or vendors to coordinate known implementations of the affected products directly with ICS-CERT.

AFFECTED PRODUCTS

Arbiter Systems products:

  • Clock products using the network card. Arbiter has deployed new firmware based on NTP Version 4.2.8.

Innominate products:

  • mGuard Firmware Version 7.0 should be upgraded to Version 7.6.7
  • mGuard Firmware Version 8.0 should be upgraded to Version 8.1.5

Meinberg products:

  • Please see Meinberg’s public notification and mitigation strategies at:

Siemens products:

  • Please see Siemens’s public notification and mitigation strategies at SSA-671683 NTP Vulnerabilities in Ruggedcom ROX-based Devices (Published January 19, 2015), located at www.siemens.com/cert/advisories. This security notification will be updated soon to include new firmware updates.

Wind River Systems products:

  • News updates for Wind River VxWorks:

There are patches for WR Linux for the other (related) CVEs (2014-9293 - 9286) available at https://knowledge.windriver.com/?title=Content_Lookup&id=044772:

  • VxWorks 7
  • VxWorks 6.9
  • WR Linux 4.3.0.X
  • WR Linux 5.0.1.x
  • WR Linux 6.0.0.x
  • WR Linux 7.0.0.x
