Saturday, November 20, 2021

Review - Public ICS Disclosures – Week of 11-13-21 – Part 1

This has been a very busy week for vendor disclosures, so I will be doing this as a two-part report again this week. This week we have 17 vendor disclosures from Blackberry, Braun (2), WAGO (3), Dell, Gallagher (6), and ABB (4).

Blackberry Advisory - Blackberry published an advisory describing a remote code execution vulnerability in their QNX Software Development Platform.

Braun Advisory #1 - Braun published an advisory discussing the NUCLEUS:13 vulnerabilities.

Braun Advisory #2 - Braun published an advisory discussing the INFRA:HALT vulnerabilities.

WAGO Advisory #1 - CERT-VDE published an advisory discussing six vulnerabilities in a number of WAGO PLCs.

WAGO Advisory #2 - CERT-VDE published an advisory discussing an improper handling of exceptional conditions vulnerability in a number of WAGO PLCs.

WAGO Advisory #3 - CERT-VDE published an advisory discussing the NUCLEUS:13 vulnerabilities.

Dell Advisory - Dell published an advisory describing five vulnerabilities in their Wyse Management Suite.

Gallagher Advisory #1 - Gallagher published an advisory describing an unquoted service path vulnerability in their Controller Service.

Gallagher Advisory #2 - Gallagher published an advisory describing an improper privilege validation vulnerability in their Command Centre Server.

Gallagher Advisory #3 - Gallagher published an advisory describing an improper certificate validation vulnerability in their Command Centre Server.

Gallagher Advisory #4 - Gallagher published an advisory describing an improper validation of the cloud-certificate chain in their Mobile Connect for Android.

Gallagher Advisory #5 - Gallagher published an advisory describing an improper validation of the cloud-certificate chain in their Command Centre Mobile Client for Android.

Gallagher Advisory #6 - Gallagher published an advisory describing an incomplete comparison with missing factors vulnerability in their Gallagher Controller.

ABB Advisory #1 - ABB published an advisory discussing two vulnerabilities in their Hitachi Energy RTU500 series.

ABB Advisory #2 - ABB published an advisory discussing the BadAlloc vulnerabilities in their Hitachi Energy RTU500 series.

ABB Advisory #3 - ABB published an advisory discussing three vulnerabilities in their Hitachi Energy RTU500 Series.

ABB Advisory #4 - ABB published an advisory describing a validation error vulnerability in their Hitachi Energy RTU500 Series.

For more information on these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-880 - subscription required.
