Sunday, February 20, 2022

Review – Public ICS Disclosures – Week of 2-12-22 – Part 2

So, for Part 2 we start with seven more vendor disclosures from Dell (2), Sick, Texas Instruments, VMware (2), and Western Digital. There are also seven vendor updates from Dell, Eaton, HPE (3), and VMware (2). We also have two researcher reports of vulnerabilities in products from KiCad. Finally, we have an exploit report for products from Emerson.

Dell Advisory #1 - Dell published an advisory describing three vulnerabilities in their Dell Wyse Device Agent.

Dell Advisory #2 - Dell published an advisory describing two vulnerabilities in their Dell Wyse Management Suite.

Sick Advisory - Sick published an advisory discussing the Wibu Systems CodeMeter vulnerabilities in their FieldEcho product.

TI Advisory - TI published an advisory describing an information disclosure vulnerability in their SimpleLink™ CC32xx/CC31xx product line.

VMware Advisory #1 - VMware published an advisory describing five vulnerabilities in their VMware ESXi, Workstation, and Fusion products.

VMware Advisory #2 - VMware published an advisory describing a CLI shell injection vulnerability in their NSX Data Center for vSphere product.

Western Digital Advisory - Western Digital published an advisory describing eight vulnerabilities in their My Cloud OS 5 firmware.

Dell Update - Dell published an update for their Log4Shell advisory.

Eaton Update - Eaton published an update for their Log4Shell advisory.

HPE Update #1 - HPE published an update for their HPE ProLiant, Apollo, and Synergy Servers advisory that was originally published on February 8th, 2022.

HPE Update #2 - HPE published an update for their HPE ProLiant, Apollo, Edgeline, and Synergy Servers advisory that was originally published on February 8th, 2022.

HPE Update #3 - HPE published an update for their HPE ProLiant, Apollo, and Synergy Servers advisory that was originally published on February 8th, 2022.

VMware Update #1 - VMware published an update for their VMware Workstation, Fusion and ESXi advisory that was originally published on January 4th, 2022 and most recently updated on January 27th, 2022.

VMware Update #2 - VMware published an update for their Cloud Foundation advisory that was originally published on January 31st, 2022.

Emerson Exploit - Luis Martínez published an exploit for an unquoted search path vulnerability in the Emerson PAC Machine.

 

For more details about these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-d6a - subscription required.
