Review – Public ICS Disclosures – Week of 4-23-22 – Part 2

This week for Part 2 we have two additional vendor disclosures from Dell and Johnson Controls. There are also seven vendor updates from Bayer, FANUC, HP, Palo Alto Networks, QNAP, Siemens, and Yokogawa. Finally, there are four researcher reports for products from Delta Industrial (3) and Santesoft,

Dell Advisory - Dell published an advisory discussing an infinite loop vulnerability in their Wyse ThinOS products.

Johnson Controls Advisory - Johnson Controls published an advisory discussing the SpringShell vulnerabilities.

Bayer Update - Bayer published an update for their Log4Shell and Access:7 advisory that was originally published on March 8^th, 2022.

FANUC Update - FANUC published an update for their ROBOGUIDE advisory that was originally published on April 8^th, 2022.

HP Update - HP published an update for their Expat Library advisory for their PCoIP products that was originally published on April 11^th, 2022.

Johnson Controls Update - Johnson Controls published an update for their SpringShell advisory that was originally published on April 19^th, 2022.

Palo Alto Networks Update - Palo Alto Networks published an update for their Cortex XDR Agent advisory that was originally published on April 13^th, 2022

QNAP Update - QNAP published an update for their Apache HTTP server advisory that was originally published on April 20^th, 2022.

Siemens Update - Siemens published an update for their SpringShell advisory that was originally published on April 19^th, 2022.

Yokogawa Update - Yokogawa published an update for their Centum advisory that was originally published on January 14^th, 2022 and most recently updated on March 16^th, 2022.

Delta Reports - The Zero Day Initiative published three 0-day reports about vulnerabilities from Delta Industrial.

Santesoft - ZDI published a report describing an out-of-bounds write vulnerability in the Santesoft DICOM Viewer Pro.

 

For more details about these advisories and updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-239  - subscription required.