This week we have twelve vendor disclosures from Aruba Networks, Helmholz (2), Hitachi, Hitachi Energy (3), HP, MB Connect (2), QNAP and Wireshark. We also have ten vendor updates from HPE (2), MB Connect, and Schneider (7). Finally, we have four researcher reports for products from mySCADA, Berghof, Honeywell, and Tesla.
Aruba Advisory - Aruba published an
advisory that describes fourteen vulnerabilities in their ClearPass Policy
Manager.
Helmholz Advisory #1 - CERT-VDE published an advisory that describes
an observable response discrepancy vulnerability in the Helmholz myREX24 and
myREX24.virtual servers.
Helmholz Advisory #2 - CERT-VDE published an advisory that
discusses twenty vulnerabilities in the Helmholz myREX24 and myREX24.virtual
servers.
Hitachi Advisory - Hitachi published an
advisory that discusses 39 vulnerabilities in their Disk Array Systems.
Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes five vulnerabilities in their MicroSCADA Pro/X SYS600 Products.
Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses two vulnerabilities in their MicroSCADA Pro/X SYS600 Products.
Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses a classic buffer overflow vulnerability in their AFS660/AFS665 series switches.
HP Advisory - HP published an
advisory that describes a DLL hijacking vulnerability in their Support
Assistant product.
MB Connect Advisory #1 - MB Connect published an advisory that
describes a user enumeration vulnerability in their mbCONNECT24/mymbCONNECT24 products.
MB Connect Advisory #2 - MB Connect published an advisory that describes
an information disclosure vulnerability in their mbCONNECT24/mymbCONNECT24 products.
Wireshark Advisory - Wireshark published an advisory
that describes an infinite loop vulnerability in their F5 Ethernet Trailer
dissector.
QNAP Advisory - QNAP published an advisory that
describes an externally controlled reference to a resource in another sphere
vulnerability in their NAS running Photo Station.
HPE Update #1 - HPE published an
update for their HPE Superdome Flex advisory that was originally
published on June 7th, 2022 and most
recently updated on July 7th, 2022.
HPE Update #2 - HPE published an
update for their Integrated Lights-Out advisory that was originally
published on July 28th, 2022 and most recently updated on August
17th, 2022.
MB Connect Update #1 - CERT-VDE published an update for their
mbCONNECT24 advisory that was originally published on February 16th,
2021.
MB Connect Update #2 - CERT-VDE published an update
for their mbCONNECT24 advisory that was originally published on August 2nd,
2022.
Schneider Update #1 - Schneider published an
update for their FTP Server advisory that was originally
published on March 22nd, 2018 and most
recently updated on August 9th, 2022.
Schneider Update #2 - Schneider published an
update for their Modicon Controllers advisory that was originally
published on September 26th, 2019 and most
recently updated on August 9th, 2022.
Schneider Update #3 - Schneider published an
update for their EcoStruxure Control Expert advisory that was originally
published on July 13th, 2021 and most
recently updated on August 9th, 2022.
Schneider Update #4 - Schneider published an
update for their EcoStruxure Control Expert advisory that was originally
published on August 9th, 2022.
Schneider Update #5 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 9th, 2022.
Schneider Update #6 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 9th, 2022.
Schneider Update #7 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 10th, 2021 and most
recently updated on August 9th, 2022.
MySCADA Report - AWESEC published a report with proof-of-concept
code on a command injection vulnerability in the mySCADA myPRO HMI/SCADA
systems.
Berghof Report - OTORIO published a
report discussing a recent hack of Berghof PLCs by “a hacktivist group ‘GhostSec’”.
Honeywell Report - SCADAfence published a
report describing four vulnerabilities in the Honeywell Alerton Ascent
Control Module.
Tesla Report - The Zero Day Initiative published a report
about an arbitrary code execution vulnerability in affected Tesla vehicles.
For more details about these disclosures, including links to
researcher reports and third-party advisories, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-5a0
(subscription required).