This week we have seventeen vendor disclosures from Bosch, Festo, HPE (3), Insyde (7), PcVue (2), Rockwell, Tanzu, and Western Digital. We also have an update from PcVue.
Bosch Advisory - Bosch published an
advisory that describes an information disclosure vulnerability in their VIDEOJET
Decoder VJD-7513.
Festo Advisory - CERT-VDE published an advisory that describes
an improper privilege management vulnerability in the Festo control block
CPX-CEC-C1 and CPX-CMXX.
HPE Advisory #1 - HPE published an
advisory that discusses an information disclosure vulnerability in their Edgeline
Servers.
HPE Advisory #2 - HPE published an
advisory that discusses a privilege escalation vulnerability in their Edgeline
Servers.
HPE Advisory #3 - HPE published an
advisory that discusses 28 vulnerabilities in their SAN switches.
Insyde Advisory #1 - Insyde published an advisory that describes
an SMM arbitrary code execution vulnerability in their InsydeH2O product.
Insyde Advisory #2 - Insyde published an advisory that describes
a memory leak vulnerability in their InsydeH2O product.
Insyde Advisory #3 - Insyde published an advisory that describes
an arbitrary code execution vulnerability in their InsydeH2O product.
Insyde Advisory #4 - Insyde published an advisory that describes
a memory corruption vulnerability in their InsydeH2O product.
Insyde Advisory #5 - Insyde published an advisory that
describes a memory corruption vulnerability in their InsydeH2O product.
Insyde Advisory #6 - Insyde published an advisory that describes
a memory leak vulnerability in their InsydeH2O product.
Insyde Advisory #7 - Insyde published an advisory that describes
a memory corruption vulnerability in their InsydeH2O product.
PcVue Advisory #1 - PcVue published an
advisory that describes a sensitive information in log file vulnerability
in their PcVue 15 product.
PcVue Advisory #2 - PcVue published an
advisory that discusses an access of uninitialized pointer vulnerability in
their PcVue product.
Rockwell Advisory - Rockwell published an
advisory that describes a heap-based buffer overflow vulnerability in their
ThinManager ThinServer software.
Tanzu Advisory - Tanzu published an advisory that describes
an information disclosure vulnerability in their Spring Data REST product.
Western Digital Advisory - Western Digital published an
advisory that describes a use of weak hash vulnerability in their WD
Discovery products.
PcVue Update - PcVue published an
update for their OAuth configuration advisory that was originally
published on August 8th, 2022.
NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-235-01)
to reflect this new information.
For more details on these disclosures, including links to
third-party advisories and researcher reports, see my article at CFSN Detailed Analysis
- https://patrickcoyle.substack.com/publish/post/74741456
- subscription required.