Review – Public ICS Disclosures – Week of 5-7-22 – Part 2

For Part 2 we have nine additional vendor disclosures from Philips, Phoenix Contact, ProsysOPC, Rockwell Automation, Schneider (3), and Tanzu (2). We also have eleven updates from QNAP, Rockwell (2), Schneider (3), and Siemens (5). There are also researcher two reports for products from XINJE and Rockwell. Finally, we have two exploits for products from USR IOT and Spring.

Philips Advisory - Philips published an advisory that discusses the F5 BIG IP vulnerability.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses two vulnerabilities in their RAD-ISM-900-EN-BD devices.

ProsysOPC Advisory - ProsysOPC published an advisory that describes a resource exhaustion vulnerability in their OPC UA SDK for Java that was discovered during the PWN2OWN MIAMI 2022 competition.

Rockwell Advisory - Rockwell published an advisory that discusses an infinite loop vulnerability in their ThinMan and FactoryTalk products.

Schneider Advisory #1 - Schneider published an advisory that describes six vulnerabilities in their Wiser Smart products.

Schneider Advisory #2 - Schneider published an advisory that discusses an out-of-bounds write vulnerability in their Saitel DP RTU.

Schneider Advisory #3 - Schneider published an advisory that describes an improper input validation vulnerability in their PowerLogic ION Setup product.

Tanzu Advisory #1 - Tanzu published an advisory that describes a denial-of-service vulnerability in their Spring Framework.

Tanzu Advisory #2 - Tanzu published an advisory that describes a file download vulnerability in their Spring MVC or Spring WebFlux applications.

QNAP Update - QNAP published an update for their VS Series NVR advisory that was originally published on May 6^th, 2022.

Rockwell Update #1 - Rockwell published an update for their Logix Controllers advisory that was originally published on March 31^st, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-090-05) for this new information.

Rockwell Update #2 - Rockwell published an update for their Logix Designer Application advisory originally published on March 31^st, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-090-07) for this new information.

Schneider Update #1 - Schneider published an update for their APC Smart-UPS advisory that was originally published on March 8^th, 2022 and most recently updated on March 24^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-21-313-01) for this new information.

Schneider Update #2 - Schneider published an update for their Network Management Card advisory that was originally published on November 9th, 2022.

Siemens Update #1 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13^th, 2021 and most recently updated on April 12^th, 2022.

Siemens Update #2 - Siemens published an update for their GNU/Linux advisory that was  originally published in 2018 and most recently updated on April 14^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (icsa-22-104-13) for this information.

Siemens Update #3 - Siemens published an update for their Log4Shell advisory that was was originally published on December 13^th, 2021 and most recently updated on April 12^th, 2022.

Siemens Update #4 - Siemens published an update for their Mbed TLS of LOGO! advisory that was originally published on September 14^th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-257-20) for this new information.

Siemens published an update for their SIMATIC WinCC advisory that was originally published on November 11^th, 2021 and most recently updated on April 14^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-315-03) for this new information.

XINJE Report - Claroty published a report about two vulnerabilities in the XINJE PLC programming tool.

Rockwell Report - ZDI published a report about a sensitive information disclosure vulnerability in the Rockwell ISaGRAF.

USR IOT Exploit - LiquidWorm published an exploit for a hard-coded credentials vulnerability in the USR IOT 4G LTE Industrial Cellular VPN Router.

Spring4Shell Exploit - Vleminator published a Metasploit module for the SpringShell vulnerabilities.

 

For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-34b - subscription required.