This week we have ten vendor disclosures from Advantech, Hitachi, Hitachi Energy (2), Moxa (2), QNAP (2), and VMware. There is also an update from Mitsubishi. Additionally, we have two researcher reports of vulnerabilities in products from PerFact and Philips. Finally, we have an exploit for a product from ModbusTools.
Advantech Advisory - Advantech published an advisory describing five sets of vulnerabilities (each set corresponding to a separate Talos report containing multiple vulnerabilities) in their R-SeeNet application.
Hitachi Advisory - Hitachi published an advisory discussing 24 vulnerabilities in their Disk Array Systems.
Hitachi Energy Advisory #1 - Hitachi Energy published an advisory describing two vulnerabilities in their XMC20 product.
Hitachi Energy Advisory #2 - Hitachi Energy published an advisory describing two vulnerabilities in their FOX61x product.
Moxa Advisory #1 - Moxa published an advisory describing eleven vulnerabilities in their ioLogik E2200 Series Controllers and I/Os.
Moxa Advisory #2 - Moxa published an advisory describing three vulnerabilities in their NPort IAW5000A-I/O Series Servers.
QNAP Advisory #1 - QNAP published an advisory describing an improper authentication vulnerability in their VS Series NVR.
QNAP Advisory #2 - QNAP published an advisory describing a command injection vulnerability in their VS Series NVR.
VMware Advisory - VMware published an advisory describing two vulnerabilities in their vCenter Server.
Mitsubishi Update - Mitsubishi published an update for their GENESIS64 and MC Works64 advisory that was originally published on October 21st, 2021.
PerFact Report - Claroty published a report describing vulnerabilities in VPN products in use in industrial applications including a previously unpublished server-side request forgery vulnerability in products from PerFact.
Philips Report - Nozomi Networks published a report describing five vulnerabilities in patient monitoring products from Philips.
ModbusTools Exploit - Yehia Elghaly published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Modbus Slave tool from ModbusTools.
For more details on these advisories, updates, reports and exploits, including links to supporting third-party vulnerabilities, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-857 - subscription required.