This week we have 16 vendor disclosures from ABB, Aveva, Weidmueller, Draeger, Phoenix Contact (7), QNAP, Sick, SonicWall, and VMware (2). There are exploit reports for products from VMware and HPE.
Miscellaneous Advisories
ABB Advisory - ABB published an advisory discussing CodeMeter vulnerabilities in their Automation Builder, Drive Application Builder and Virtual Drive products.
Aveva Advisory - Aveva published an advisory describing five vulnerabilities in the AutoBuild service of their System Platform.
Weidmueller Advisory - CERT-VDE published an advisory describing twelve vulnerabilities in the Weidmueller Industrial WLAN devices.
Draeger Advisory - Draeger published an advisory describing an integer overflow or wraparound vulnerability in their Clinical Assistance Package.
QNAP Advisory - QNAP published an advisory describing a command injection vulnerability in their NAS running legacy versions of QTS.
Sick Advisory - Sick published an advisory describing an inadequate SSH configuration vulnerability in their Visionary-S CX product.
SonicWall Advisory - SonicWall published an advisory describing a buffer overflow vulnerability in their SonicOS.
Phoenix Contact Advisories
Phoenix Contact published an advisory describing an undocumented access vulnerability in their AXL F BK and IL BK products.
Phoenix Contact published an advisory describing a denial of service vulnerability in their ILC1x1 Industrial controllers.
Phoenix Contact published an advisory describing a file parsing memory corruption vulnerability in their Automation Worx Software Suite.
Phoenix Contact published an advisory describing a race condition vulnerability in their PLCNext, SMARTRTU AXC, CHARX control modular and EEM-SB37x products.
Phoenix Contact published an advisory describing two vulnerabilities in their PLCNext, ILC 2050 BI, FL MGUARD DM UNLIMITED, TC ROUTER and CLOUD CLIENT products.
Phoenix Contact published an advisory describing three vulnerabilities in their FL SWITCH SMCS series.
VMware Advisories
VMware published an advisory describing a local privilege escalation vulnerability in their VMware Tools, VMRC and VMware App Volumes products.
VMware published an advisory describing an authentication bypass vulnerability in their Carbon Black App Control product.
Exploits
CHackA0101 published an exploit for an improper privilege management vulnerability in the VMware vCenter Server.
Jeremy Brown published an exploit for a denial of service vulnerability in the HPE Remote Device Access product.
For more detailed information on the advisories see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-73d (subscription required)