Sunday, April 3, 2022

Review – Public ICS Disclosures – Week of 3-26-22 – Part 2

In Part 2 we have ten additional vendor disclosures from Beckman Coulter, PulseSecure, QNAP (2), Rockwell Automation, Tanzu (3), VMware and Western Digital. There are also vendor updates from Dell and Siemens. Finally, we have two researcher reports about vulnerabilities in products from Siemens.

Beckman Coulter Advisory - Beckman published an advisory discussing the PrintNightmare vulnerability.

PulseSecure Advisory - PulseSecure published an advisory discussing an infinite loop vulnerability in multiple products.

QNAP Advisory #1 - QNAP published an advisory discussing the DirtyPipe vulnerability.

QNAP Advisory #2 - QNAP published an advisory discussing an infinite loop vulnerability in their QNAP NAS products.

Rockwell Advisory - Rockwell published an advisory describing an XML external entity vulnerability in their Workbench products.

Tanzu Advisory #1 - Tanzu published an advisory discussing a denial-of-service vulnerability in their Spring Framework products.

Tanzu Advisory #2 - Tanzu published an advisory describing a command injection vulnerability in their Spring Cloud Function.

Tanzu Advisory #3 - Tanzu published an advisory discussing the SpringShell vulnerability.

VMware Advisory - VMware published an advisory describing an information disclosure vulnerability in their vCenter Server.

Western Digital Advisory - Western Digital published an advisory describing a DLL hijacking vulnerability in their G-RAID 4/8 Software Utility.

Dell Update - Dell published an update for their Log4Shell advisory.

Siemens Update - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020 and most recently updated on March 11th, 2022.

Siemens Reports - The Zero Day Initiative published two reports (here and here) about vulnerabilities in the Siemens Simcenter Femap simulation application.

 

For more details about these disclosures, including links to researcher reports and third-party vendor advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-008 - subscription required.
