Tuesday, December 14, 2021

Review - Public ICS Disclosures - Log4Shell Advisories – 12-14-21

Today I am taking an out-of-band look at ICS vendor disclosures for the Log4Shell vulnerability. I have not looked at my list of medical device vendors for this post, I may look at those later this week. For this post we have 20 vendor disclosures from Aruba, Broadcom, CODESYS, Dell, GE (2), HMS (5), HPE, Hitachi Energy, Johnson Controls, QNAP, Rockwell, Ruckus, SonicWall (update), VMware and Wind River. I am using a slightly different format for this post, separating advisories into four groups; not affected, still looking, affected products list, and mitigation.

Not Affected

CODESYS published a notice that none of their products are affected.

HMS published an advisory reporting that their Argos and HMS Hub web services are not affected.

HMS published an advisory reporting that their Ixxat products are not affected.

Vendors Still Looking at the Vulnerability

GE published a generic Log4Shell advisory.

GE published an advisory.

HMS published an advisory for their Anybus product line.

HMS published an advisory for their WEBfactory product line.

Hitachi Energy published an advisory.

Meinberg published an advisory.

QNAP published an advisory.

Johnson Controls published an advisory.

Vendors With Affected Product Lists

Aruba published an advisory.

HPE published an advisory.

Ruckus published an advisory.  

SonicWall published an update for an advisory that was originally published on December 10th, 2021.

Wind River published an advisory.

Vendors With Mitigation Measures

Broadcom published an advisory.

Dell published an advisory for their Dell Wyse Management Suite.

HMS published an advisory for their EWON products.

Rockwell published an advisory.

VMware published an update for their advisory was originally published on December 10th, 2021.

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-log4shell - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */