Review – Public ICS Disclosures – Week of 4-9-22 – Part 1 –

With this being the 2^nd Tuesday weekend, we will need two parts to look at all of the ICS disclosures. For Part 1 we have 23 vendor disclosures from ABB (3), Bentley (8), CODESYS, GE Healthcare, HMS, HPE, Palo Alto Networks (3), Phoenix Contact (3), Tanzu, and VMware. We also have five vendor updates from GE Healthcare, Hitachi Energy (2), and Palo Alto Networks (2). Then there are four researcher reports for products from PositiveGrid, and Delta Controls (3). Finally, we have three exploits for products from Franklin Fueling, Siemens, Spring.

Part 2 will look at the Schneider and Siemens disclosures published on Tuesday.

ABB Advisory #1 - ABB published an advisory discussing two vulnerabilities (one with known exploits) in their ARM600 M2M Gateway.

ABB Advisory #2 - ABB published an advisory describing a security bypass vulnerability in their Arctic Wireless Gateway.

ABB Advisory #3 - ABB published an advisory discussing the INCONTROLLER ICS attack tools.

Bentley Advisory #1 - Bentley published an advisory describing two vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #2 - Bentley published an advisory describing four vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #3 - Bentley published an advisory describing five vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #4 - Bentley published an advisory describing two vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #5 - Bentley published an advisory describing eleven vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #6 - Bentley published an advisory describing an out-of-bounds write vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #7 - Bentley published an advisory describing three vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #8 - Bentley published an advisory describing two vulnerabilities in their MicroStation and MicroStation-based applications.

CODESYS Advisory - CODESYS published an advisory discussing the INCONTROLLER ICS attack tools.

GE Healthcare Advisory - GE Healthcare published an advisory discussing the SpringShell vulnerability.

HMS Advisory - HMS published an advisory discussing the INFRA:HALT vulnerabilities.

HPE Advisory - HPE published an advisory describing a denial of service vulnerability in their Integrated Lights-Out 4 (iLO 4) products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory describing an improper handling of exceptional conditions vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory describing a product disruption vulnerability in their Cortex XDR Agent.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory describing an information exposure through log files vulnerability in their Cortex XDR agent.

Phoenix Contact Advisory #1 - Phoenix Contact published an advisory discussing 56 vulnerabilities in their AXC F x152 LTS.

Phoenix Contact Advisory #2 - Phoenix Contact published an advisory discussing an infinite loop vulnerability in their FL MGUARD, TC MGUARD, mGuard Device Manager and FL WLAN devices.

Phoenix Contact Advisory #3 - Phoenix Contact published an advisory discussing an HTTP request smuggling vulnerability in their mGuard Device Manager.

Tanzu Advisory - Tanzu published an advisory describing a data binding rule vulnerability in their Spring Framework products.

NOTE: This is related to the SpringShell vulnerability.

VMware Advisory - VMware published an advisory describing a remote code execution vulnerability in their Cloud Director product.

GE Healthcare Update - GE Healthcare published an update discussing the DirtyPipe vulnerability.

Hitachi Energy Update #1 - Hitachi Energy published an update for their XMC20 advisory that was originally published on November 23^rd, 2021.

Hitachi Energy Update #2 - Hitachi Energy published an update for their FOX61x XMC20 advisory that was originally published on November 23^rd, 2021.

Palo Alto Networks Update #1 - Palo Alto Networks published an update for their OpenSSL advisory that was originally published on March 31^st, 2022.

Palo Alto Networks Update #2 - Palo Alto Networks published an update for their Spring Shell advisory that was originally published on March 31^st, 2022.

PositiveGrid Report - Tenable published a report list six vulnerabilities in the PositiveGrid Spark API.

Delta Controls Report - Zero Science Labs published three reports about vulnerabilities in the Delta Controls enteliTOUCH building controllers.

Franklin Fueling Exploit - Momen Eldawakhly published an exploit for a local file inclusion vulnerability in the Franklin Fueling Systems Colibri Controller Module.

Siemens Exploit - Sec-consult published an exploit for two vulnerabilities in the Siemens A8000 CP-8050/CP-8031 SICAM WEB.

SpringShell Exploit - Mike Pickard published an exploit for the SpringShell vulnerability.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-3c2 - subscription required.