Saturday, December 24, 2022

Review – Public ICS Disclosures – Week of 12-17-22

This week we have an OpenSSL 3.0 disclosure from Palo Alto Networks. There are nine vendor disclosures from Dahua, Dell, DIGI, Hikvision, HPE, Microchip, Motorola Solutions, TandD, and Western Digital. Finally, there is a vendor update from Siemens.

OpenSSL 3.0

Palo Alto Networks published an advisory discussing the OpenSSL 3.0 vulnerabilities.

Vendor Disclosures

Dahua Advisory - Dahua published an advisory that describes twelve vulnerabilities in a variety of Dahua products.

Dell Advisory - Dell published an advisory that describes nine vulnerabilities (includes 3 third-party vulnerabilities) in their Wyse Management Suite. 

DIGI Advisory - DIGI published an advisory that discusses the FragAttack vulnerabilities.

Hikvision Advisory - Hikvision published an advisory that describes an access control vulnerability in their wireless bridge products.

HPE Advisory #1 - HPE published an advisory that describes a directory traversal vulnerability in their OfficeConnect 1820 and 1850 Switch Series.

HPE Advisory #2 - HPE published an advisory that describes a data injection vulnerability in their Superdome Flex and Superdome Flex 280 Servers.

Microchip Advisory - Microchip published an advisory that discusses the Blue's Clues vulnerabilities.

NOTE: Watch Blue’s Clues (sorry, I could not help myself), cute name and everything. It looks like this will be a major issue for Bluetooth enabled devices, particularly medical devices.

Motorola Advisory - Motorola published an advisory discussing the Fortinet buffer overflow vulnerability.

TandD Advisory - TandD published an end of support notice for products operating on Windows 7 and Windows 8 platforms.

Western Digital Advisory - Western Digital published an advisory describing an information disclosure vulnerability in their My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.

Vendor Updates

Siemens Update - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on December 13th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-349-14) for the new information.

 

For more details about these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-f5b - subscription required.
