This week we have twenty-one vendor disclosures from ABB, Aruba Networks, Belden (3), Bosch, B&R, HPE (2), Johnson and Johnson, Miele, Mitsubishi (2), Moxa (2), Omron, PcVue, Pilz (3), and Unified Automation. We have two vendor updates from Mitsubishi and Schneider. Finally, we have three researcher reports of vulnerabilities in products from Callback Technologies.
Vendor Advisories
ABB Advisory - ABB published an advisory that discusses seven vulnerabilities (two with known exploits) in their ARM600 M2M Gateway.
Aruba Advisory - Aruba published an advisory that describes thirteen vulnerabilities in their EdgeConnect Enterprise product.
Belden Advisory #1 - Belden published an advisory that describes 23 vulnerabilities in their Hirschmann BAT-C2 product.
Belden Advisory #2 - Belden published an advisory that discusses an infinite loop vulnerability (with known exploit) in their Hirschmann HiLCOS products.
Belden Advisory #3 - Belden published an advisory that describes a command injection vulnerability in their Hirschmann BAT-C2.
Bosch Advisory - Bosch published an advisory that discusses 67 vulnerabilities (some with known exploits) in their PRA-ES8P2S Ethernet-Switch.
B&R Advisory - B&R published an advisory that discusses a link following vulnerability in a variety of their products.
HPE Advisory #1 - HPE published an advisory that discusses an information disclosure vulnerability in their IceWall products.
HPE Advisory #2 - HPE published an advisory that describes four code execution vulnerabilities in their Cloudline CL2100/CL2200 Gen10 Servers.
J&J Advisory - J&J published an advisory that discusses the PrintNightmare vulnerability in their CARTO® 3 System.
Miele Advisory - CERT-VDE published an advisory that describes an authorization bypass through user-controlled key vulnerability in the Miele.
Mitsubishi Advisory #1 - Mitsubishi published an advisory that describes ten vulnerabilities in multiple FA Engineering Software products.
Mitsubishi Advisory #2 - Mitsubishi published an advisory that describes a denial-of-service vulnerability in their GOT2000 Series.
Moxa Advisory #1 - Moxa published an advisory that describes two vulnerabilities in multiple router products.
Moxa Advisory #2 - Moxa published an advisory that describes a privilege escalation vulnerability in their TN-5916 Series routers.
Omron Advisory - JPCERT published an advisory that describes three vulnerabilities in the Omron CX-Programmer.
PcVue Advisory - PcVue published an advisory that describes a clear-text storage of sensitive information vulnerability in their PcVue product.
Pilz Advisory #1 - Pilz published an advisory that describes a path traversal vulnerability in several Pilz products.
Pilz Advisory #2 - Pilz published an advisory that describes two vulnerabilities (one with known exploit) in their PASvisu HMI solution.
Pilz Advisory #3 - Pilz published an advisory that describes two path traversal vulnerabilities (one with known exploit) in several Pilz products.
Unified Automation Advisory - Unified Automation published an advisory that discusses an incorrect permission assignment for critical resource vulnerability in their OPC UA SDK.
Vendor Updates
Mitsubishi Update - Mitsubishi published an update for their Ethernet Port advisory that was originally published on November 30th, 2021 and most recently updated on July 26th, 2022.
NOTE: NCCIC-ICS did not update their advisory (ICSA-21-334-02) for this new information, almost certainly because of the Thanksgiving holiday. I expect we will see that update this coming week.
Schneider Update - Schneider published an update for their APC Smart UPS advisory that was originally published on March 8th, 2022 and most recently updated on August 19th, 2022.
Researcher Reports
Callback Report #1 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.
Callback Report #2 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.
Callback Report #3 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.
For more details on these disclosures, including links to third-party reports, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-6d2 - subscription required.