Sunday, July 17, 2022

Review – Public ICS Disclosures – Week of 7-9-22 – Part 2

For part two we start with five vendor disclosures from Inductive Automation and Schneider Electric (4). We also have thirteen vendor updates from Fanuc, HPE (2), OPC Foundation, Schneider (6), and Siemens (3). Finally, we have one researcher report on products from Festo.

Inductive Automation Advisory - Inductive Automation published a blog post on five vulnerabilities in their Ignition control server that were discovered during the Pwn-to-Own competition at the recent S4x22 conference.

Schneider Advisory #1 - Schneider published an advisory that describes seven vulnerabilities in their OPC UA and X80 Advanced RTU Modicon communications modules.

Schneider Advisory #2 - Schneider published an advisory that describes an OS command injection vulnerability in their SpaceLogic C-Bus Home Controller.

Schneider Advisory #3 - Schneider published an advisory that describes an improper privilege management vulnerability in their Acti9 PowerTag Link C product.

Schneider Advisory #4 - Schneider published an advisory that describes three vulnerabilities in their Easergy P5 product line.

Fanuc Update - Fanuc published an update for their ROBOGUIDE advisory that was originally published on April 8th, 2022 and most recently updated on April 27th, 2022.

HPE Update #1 - HPE published an update for their ProLiant BL/DL/ML/XL/MicroServer advisory that was originally published on June 14th, 2022.

HPE Update #2 - HPE published an update for their ProLiant BL/DL/ML/XL/MicroServer advisory that was originally published on May 10th, 2022 and most recently updated on June 22nd, 2022.

OPC Foundation Update - The OPC Foundation published an update for their OPC UA .NET Standard Stack advisory that was originally published on May 1st, 2022.

Schneider Update #1 - Schneider published an update for their CODESYS V3 Runtime advisory that was originally published on January 11th, 2022 and most recently updated on April 12th, 2022.

Schneider Update #2 - Schneider published an update for their APC Smart-UPS advisory that was originally published on March 8th, 2022 and most recently updated on June 14th, 2022.

Schneider Update #3 - Schneider published an update for their IGSS advisory that was originally published on April 12th, 2022.

Schneider Update #4 - Schneider published an update for their ATT Labs Compressor advisory that was originally published on August 10th, 2021 and most recently updated on April 12th, 2022.

Schneider Update #5 - Schneider published an update for their EcoStruxure advisory that was originally published on July 13th, 2021 and most recently updated on April 12th, 2022.

Schneider Update #6 - Schneider published an update for their EcoStruxure™ Control Expert advisory that was originally published on September 14th, 2021, and most recently updated on March 8th, 2022.

Siemens Update #1 - Siemens published an update for their GNU/Linux advisory that was originally published in 2018 and most recently updated on June 14th, 2022.

Siemens Update #2 - Siemens published an update for their Insyde Bios advisory that was originally published on February 22nd, 2022 and most recently updated on March 8th, 2022.

Siemens Update #3 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13th, 2021 and most recently updated on June 14th, 2022.

Festo Report - OneKey published a report discussing four vulnerabilities in the FESTO Controller CECC-X-M1.

 

For more details on these disclosures, including a brief description of update changes, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-094 - subscription required.
