Saturday, September 17, 2022

Review – Public ICS Disclosures – Week of 9-10-22 – Part 1

This is the weekend after the 2nd Tuesday disclosures so this will be a two-part report. For Part 1 we have 39 vendor disclosures from Broadcom (25), Dell, Hitachi Energy, Honeywell, HPE (2), Palo Alto Networks (4), Schneider, Red Lion, TI, and VISAM.

Broadcom Advisories - Broadcom published 25 advisories for vulnerabilities in Brocade Fabric OS.

Dell Advisory - Dell published an advisory that describes a regular expression vulnerability in their Wyse ThinOS.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses 48 vulnerabilities in their Disk Array products.

Honeywell Advisory - Honeywell published an advisory that announces the end-of-life status of certain OmniProx™ Clamshell Prox Card SKUs.

HPE Advisory #1 - HPE published an advisory that describes four vulnerabilities in their Integrated Lights-Out 5 products.

HPE Advisory #2 - HPE published an advisory that discusses an infinite loop vulnerability in their Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a link following vulnerability in their Cortex XDR Agent.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that discusses a Windows® registry vulnerability in their Cortex XDR Agent.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that discusses an improper input validation vulnerability in the NVIDIA Dataplane Development Kit.

Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that discusses a file access vulnerability in their Cortex XDR Agent.

Schneider Advisory - Schneider published an advisory that describes a deserialization of untrusted data vulnerability in their EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio products.

Red Lion Advisory - Red Lion published an advisory that describes a path traversal vulnerability in their Crimson software.

TI Advisory - TI published an advisory that describes a flash memory vulnerability in their SimpleLink MSP432EXX SDK.

VISAM Advisory - Incibe-CERT published an advisory describing a credential disclosure vulnerability in the VISAM VBASE.

 

For more details about these disclosures, including links to third-party vulnerabilities and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-8df - subscription required.

