Saturday, December 25, 2021

Review - Public ICS Disclosure – Week of 12-18-21 – Part 1

Merry Christmas. This has been another busy week for ICS disclosures. Part 1 today will be normal vulnerabilities and Part 2 (probably tomorrow) will be Log4Shell disclosures.

This week we have six vendor disclosures from ABB, IDEC Corporation, QNAP, Hitachi Energy (2), and Johnson Controls. We also have twelve researcher reports for products from Garrett (7) and Open Design Alliance (5).

ABB Advisory - ABB published an advisory describing an MMS file transfer vulnerability in their Distribution Automation products.

IDEC Advisory - JPCERT published an advisory [link added 18:40 EST 1-6-22] for four vulnerabilities in the IDEC PLCs.

QNAP Advisory - JPCERT published an advisory describing two vulnerabilities in the QNAP VioStor series NVR.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory describing four vulnerabilities in their LinkOne product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory discussing seven vulnerabilities in their Data Manager (SDM600) product.

Johnson Controls Advisory - Johnson Controls published an advisory describing an unspecified vulnerability in their American Dynamics VideoEdge NVR.

NOTE: It looks like this has been reported to NCCIC-ICS, so we may see an advisory from them next week.

Garrett Reports - Talos published seven reports covering nine vulnerabilities in the Garrett Metal Detectors used for security screening.

ODA Reports - The Zero Day Initiative published five reports covering vulnerabilities in the ODA Drawings Explorer product.

For more details on these advisories, including links to third-party advisories, see my report at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-12 - subscription required.
