Review – Public ICS Disclosures – Week of 6-25-22 – Part 1

This has been a relatively busy disclosure week. For Part 1 this week we have 15 vendor disclosures from Belden, Hitachi, Hitachi Energy, Honeywell, HPE (7), Luxion, Omron (2), and Philips.

Belden Advisory - Belden published an advisory that discusses the FragAttacks WiFi vulnerabilities in their ProSoft RadioLinx RLX2.

Hitachi Advisory - Hitachi published an advisory that discusses 30 vulnerabilities in their Virtual Storage Platform products.

Hitachi Energy Advisory - Hitachi Energy published an advisory that describes a stack-based buffer overflow vulnerability in their RTU500 series Product.

Honeywell Notice - Honeywell published a notice of discontinued technical phone support for their PRO2200 Series and to the PROCVT1 communication peripheral.

HPE Advisory #1 - HPE published an advisory that describes a cross-site scripting vulnerability in their FlexNetwork and FlexFabric Switches.

HPE Advisory #2 - HPE published an advisory that describes an SQL injection vulnerability in their IceWall Products Using SSO Certd.

HPE Advisory #3 - HPE published an advisory that discusses eleven vulnerabilities in their HPE SimpliVity Servers.

HPE Advisory #4 - HPE published an advisory that discusses two vulnerabilities in their SimpliVity Servers.

HPE Advisory #5 - HPE published an advisory that discusses four incomplete cleanup vulnerabilities in their SimpliVity Servers.

HPE Advisory #6 - HPE published an advisory that discusses eleven vulnerabilities in their Moonshot/Edgeline Servers.

HPE Advisory #7 - HPE published an advisory that discusses nine vulnerabilities in their B-Series SANnav Management Portal.

Luxion Advisory - Luxion published an advisory that describes an information disclosure vulnerability in their KeyShot Network Rendering.

Omron Advisory #1 - Omron Advisories - Omron published an advisory that describes an authentication bypass by capture-replay vulnerability in their NJ/NX-series Machine Automation Controllers.

Omron Advisory #2 - Omron published an advisory that describes two vulnerabilities in their NJ/NX-series Machine Automation Controllers.

Philips Advisory - Philips published an advisory that discusses the Follina vulnerability.

 

For more details about these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-d29 - subscription required.