Review – Public ICS Disclosures – Week of 6-25-22 – Part 2

For Part 2 we have ten vendor updates for CODESYS (6), Dell, HP (3), and HPE. We have six researcher reports for products from Robustel (4), ExpressLRS, and Carel.

CODESYS Update #1 - CODESYS published an update for their Control V3 configuration file advisory that was that was originally published on March 24th, 2022, and most recently updated on June 10^th, 2022.

CODESYS Update #2 - CODESYS published an update for their CODESYS communication protocol advisory that was originally published on March 24^th, 2022 and most recently updated on April 6^th, 2022

CODESYS Update #3 - CODESYS published an update for their Control V3 online user management advisory that was originally published on March 24^th, 2022 and most recently updated on April 6^th, 2022.

CODESYS Update #4 - CODESYS published an update for their V3 products containing a CODESYS communication server that was originally published on March 24^th, 2022 and most recently updated on April 6^th, 2022.

CODESYS Update #5 - CODESYS published an update for their V3 web server advisory that was originally published on March 24^th, 2022 and most recently updated on April 6^th, 2022.

CODESYS Update #6 - CODESYS published an update for their V3 products containing a CODESYS communication server advisory that was originally published on May 19^th, 2022 and most recently updated on May 30^th, 2022.

Dell Update - Dell published an update for their Wyse ThinOS advisory that was originally published on July 21^st, 2021.

HP Update #1 - HP published an update for their Intel® Boot Guard and Intel® TXT Security advisory that was originally published on May 10^th, 2022.

HP Update #2 - HP published an update for their Intel 2022.1 IPU BIOS advisory that was originally published on July 21^st, 2021.

HP Update #3 - HP published an update for their AMD Client UEFI Firmware advisory that was originally published on July 21^st, 2021.

HPE Update - HPE published an update for their HP-UX Using OpenSSL advisory that was originally published on May 19^th, 2022.

Robustel Reports – Cisco Talos published four reports for ten vulnerabilities in the Robustel R1510 web server.

ExpressLRS Report - NCC Group published a report describing a discoverable binding phrase for radio linkages in the ExpressLRS radio control link.

Carel Report - Zero Science published a report describing a directory traversal vulnerability in the Carel pCOWeb HVAC BACnet Gateway.

 

For more details on these updates and reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-2ec  - subscription required.