With this being the 2nd Tuesday weekend, we will
need two parts to look at all of the ICS disclosures. For Part 1 we have 23
vendor disclosures from ABB (3), Bentley (8), CODESYS, GE Healthcare, HMS, HPE,
Palo Alto Networks (3), Phoenix Contact (3), Tanzu, and VMware. We also have
five vendor updates from GE Healthcare, Hitachi Energy (2), and Palo Alto
Networks (2). Then there are four researcher reports for products from PositiveGrid,
and Delta Controls (3). Finally, we have three exploits for products from
Franklin Fueling, Siemens, Spring.
Part 2 will look at the Schneider and Siemens disclosures
published on Tuesday.
ABB Advisory #1 - ABB published an
advisory discussing two vulnerabilities (one with known exploits) in their ARM600
M2M Gateway.
ABB Advisory #2 - ABB published an
advisory describing a security bypass vulnerability in their Arctic
Wireless Gateway.
ABB Advisory #3 - ABB published an
advisory discussing the INCONTROLLER
ICS attack tools.
Bentley Advisory #1 - Bentley published an
advisory describing two vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #2 - Bentley published an
advisory describing four vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #3 - Bentley published an
advisory describing five vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #4 - Bentley published an
advisory describing two vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #5 - Bentley published an
advisory describing eleven vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #6 - Bentley published an
advisory describing an out-of-bounds write vulnerability in their MicroStation
and MicroStation-based applications.
Bentley Advisory #7 - Bentley published an
advisory describing three vulnerabilities in their MicroStation and
MicroStation-based applications.
Bentley Advisory #8 - Bentley published an
advisory describing two vulnerabilities in their MicroStation and
MicroStation-based applications.
CODESYS Advisory - CODESYS published an
advisory discussing the INCONTROLLER ICS attack tools.
GE Healthcare Advisory - GE Healthcare published an advisory discussing
the SpringShell
vulnerability.
HMS Advisory - HMS published an
advisory discussing the INFRA:HALT
vulnerabilities.
HPE Advisory - HPE published an
advisory describing a denial of service vulnerability in their Integrated
Lights-Out 4 (iLO 4) products.
Palo Alto Networks Advisory #1 - Palo Alto Networks
published an advisory
describing an improper handling of exceptional conditions vulnerability in their
PAN-OS product.
Palo Alto Networks Advisory #2 - Palo Alto Networks
published an
advisory describing a product disruption vulnerability in their Cortex XDR
Agent.
Palo Alto Networks Advisory #3 - Palo Alto Networks
published an
advisory describing an information exposure through log files vulnerability
in their Cortex XDR agent.
Phoenix Contact Advisory #1 - Phoenix Contact published
an
advisory discussing 56 vulnerabilities in their AXC F x152 LTS.
Phoenix Contact Advisory #2 - Phoenix Contact
published an
advisory discussing an infinite loop vulnerability in their FL MGUARD, TC
MGUARD, mGuard Device Manager and FL WLAN devices.
Phoenix Contact Advisory #3 - Phoenix Contact
published an
advisory discussing an HTTP request smuggling vulnerability in their mGuard
Device Manager.
Tanzu Advisory - Tanzu published an advisory describing
a
data binding rule vulnerability in their Spring Framework products.
NOTE: This is related to the SpringShell vulnerability.
VMware Advisory - VMware published an advisory
describing a remote code execution vulnerability in their Cloud Director
product.
GE Healthcare Update - GE Healthcare published an update discussing the
DirtyPipe vulnerability.
Hitachi Energy Update #1 - Hitachi Energy published an
update for their XMC20 advisory that was originally
published on November 23rd, 2021.
Hitachi Energy Update #2 - Hitachi Energy published an
update for their FOX61x XMC20 advisory that was originally
published on November 23rd, 2021.
Palo Alto Networks Update #1 - Palo Alto Networks
published an
update for their OpenSSL advisory that was originally
published on March 31st, 2022.
Palo Alto Networks Update #2 - Palo Alto Networks
published an
update for their Spring Shell advisory that was originally
published on March 31st, 2022.
PositiveGrid Report - Tenable published a report list
six vulnerabilities in the PositiveGrid Spark API.
Delta Controls Report - Zero Science Labs published
three reports about vulnerabilities in the Delta Controls enteliTOUCH building
controllers.
Franklin Fueling Exploit - Momen Eldawakhly published
an exploit for a local
file inclusion vulnerability in the Franklin Fueling Systems Colibri Controller
Module.
Siemens Exploit - Sec-consult published an
exploit for two vulnerabilities in the Siemens A8000 CP-8050/CP-8031 SICAM
WEB.
SpringShell Exploit - Mike Pickard published an
exploit for the SpringShell vulnerability.
For more information on these disclosures, including links
to 3rd party advisories, researcher reports and exploits, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-3c2
- subscription required.