Review – Public ICS Disclosure – Week of 2-18-23

This week we have 30 vendor disclosures from Aruba Networks, Cisco, GE Grid Solutions (19), Generex, GigaVUE, HP, HPE, Prosys OPC, Sick, VMware (2), and Zyxel. We have four vendor updates from HPE (3), and Software Toolbox. We also have six researcher reports for products from EIP Stack Group (3), Fortinet, Netmodule, and ODA. Finally, we have an exploit for products from Kardex.

Vendor Disclosures

Aruba Advisory - Aruba published an advisory that discusses four vulnerabilities in multiple products.

Cisco Advisory - Cisco published an advisory that describes a cross-site request forgery vulnerability in their Application Policy Infrastructure Controller and Cisco Cloud Network Controller.

GE Grid Solutions Advisories - GE published 19 advisories for vulnerabilities for various products. These advisories are only available to registered customers.

Generex Advisory - Incibe CERT published an advisory that describes seven vulnerabilities in the Generex UPS CS141 adapter.

GigaVUE Advisory - Incibe CERT published an advisory that describes a reflected cross-site scripting vulnerability in the GigaVUE-FM.

HP Advisory - HP published an advisory that describes four time-of-check to time-of use (TOCTOU) vulnerabilities in their HP BIOS.

HPE Advisory - HPE published an advisory that describes three vulnerabilities in their Serviceguard on Linux products.

OPC UA Advisory - Prosys OPC published an advisory that describes a resource exhaustion vulnerability in their Simulation Server and SDK for Java products.

Sick Advisory - Sick published an advisory that describes two missing authentication for critical function vulnerabilities in their FX0-GPNT and FX0-GENT products.

VMware Advisory #1 - VMware published an advisory that describes an injection vulnerability in their Carbon Black App Control product.

VMware Advisory #2 - VMware published an advisory that describes an XML external entity vulnerability in their vRealize Orchestrator product.

Zyxel Advisory - Zyxel published an advisory that describes a misconfiguration vulnerability in their LTE3202-M437 and LTE3316-M604. 4G LTE indoor routers.

Vendor Updates

HPE Update #1 - HPE published an update for their Synergy Servers advisory that was originally published on February 14th.

HPE Update #2 - HPE published an update for their ProLiant DX Servers advisory that was originally published on February 14th, 2023.

Software Toolbox Update - Software Toolbox published an update for their TOP Server DNP3 Client Suite Drivers advisory that was originally published on August 22^nd, 2013.

Researcher Reports

EIP Report #1 - Cisco Talos published a report that describes an out-of-bounds write vulnerability in the EIP Stack Group OpENer SetAttributeList.

EIP Report #2 - Cisco Talos published a report that describes an out-of-bounds write vulnerability in the EIP Stack Group OpENer GetAttributeList.

EIP Report #3 - Cisco Talos published a report that describes a use of unitialized pointer vulnerability in the Group OpENer Forward Open connection_management_entry.

Fortinet Report - Horizon3 published a report that describes an externally controlled reference to a resource in another sphere vulnerability in the Fortinet FortiNAC product.

Netmodule Report - Onekey published a report that describes two vulnerabilities in the Netmodule industrial routers. This is a coordinated disclosure.

ODA Report - The Zero Day initiative published a report that describes an out-of-bounds write vulnerability in the Open Design Alliance (ODA) Drawing SDK product.

Exploits

Kardex Exploit - Patrick Hener and Nico Viakowski published an exploit for a code injection vulnerability in the Kardex Mlog automated storage system.

 

For more details about these disclosures, including links to third-part advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-2-18 - subscription required.