Review - Public ICS Disclosures – Week of 9-18-21

This week we have seven vendor disclosures from ABB, Pilz, Hitachi, Johnson and Johnson, Philips, SonicWall, and VMware.

ABB Advisory - ABB published an advisory describing an integrity check bypass vulnerability in their free@home System Access Point products.

Pilz Advisory - VDE CERT published an advisory discussing the  INFRA:HALT vulnerabilities in Pilz products.

Hitachi Advisory - Hitachi published an advisory describing an authentication bypass vulnerability in their Disk Array Systems.

Johnson and Johnson Advisory - Johnson and Johnson published an advisory discussing the BadAlloc vulnerabilities in their products.

Philips Advisory - Philips published an advisory discussing two recently reported Apple® vulnerabilities.

SonicWall Advisory - SonicWall published an advisory describing an improper limitation of a file path to a restricted directory vulnerability in their SMA 100 Series Appliances.

VMware Advisory - VMware published an advisory describing 19 vulnerabilities in their vCenter Server and Cloud Foundation products.

For more details about the advisories, including listing of VMware multiple vulnerabilities and links to researcher advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-7bc - subscription required.