Review – Public ICS Disclosures – Week of 2-11-23 – Part 1

While the Saturday after the 2^nd Tuesday is typically a heavy day for reporting control system security advisories, this particular Saturday is the worst that I have seen. To be able to get through all of the reporting I am going to have to resort to bulk listing of advisories for some vendors instead of my normal digest. I hope this will still be helpful.

This week we have 125 vendor disclosures from B&R (2), FortiGuard (40), Fujitsu, GE Gas Power, Hitachi Energy (12), HP (2), HPE (50), Insyde (12), Moxa, Phoenix Contact, Splunk (2), and WAGO.

In Part 2 I will look at this week’s Schneider and Siemens advisories that were published on Tuesday as well as two exploits that were published this week.

Vendor Advisories

B&R Advisory #1 - B&R published an advisory that describes a cross-site scripting vulnerability in their Automation Runtime product.

B&R Advisory #2 - B&R published an advisory that discusses 22 vulnerabilities in their APC, PPC, and MPC product lines.

FortiGuard Advisories - FortiGuard published 40 advisories for multiple vulnerabilities in multiple products.

Fujitsu Advisory - Fujitsu published an advisory that discusses 12 vulnerabilities in multiple Fujitsu products.

GE Advisory - GE Gas Power published an advisory that discusses an out-of-bounds write vulnerability in their NetworkST4 and M&D Lockbox products.

Hitachi Advisory #1 - Hitachi Energy published an advisory that discusses two vulnerabilities in their Gateway Station (GWS) Product.

Hitachi Advisory #2 - Hitachi published an advisory that discusses four improper input validation vulnerabilities in their Gateway Station (GWS) product.

Hitachi Advisories #3-12 - Hitachi Energy published ten advisories that describe an IEC 61850 MMS-Server vulnerability in multiple Hitachi product lines.

HP Advisory #1 - HP published an advisory that discusses an out-of-bounds read vulnerability in multiple product lines.

HP Advisory #2 - HP published an advisory that discusses five vulnerabilities in multiple product lines.

HPE Advisories - HPE published 50 advisories for multiple vulnerabilities in multiple product lines. Most of the reported vulnerabilities are third-party vulnerabilities.

Insyde Advisories - Insyde published 12 advisories for separate vulnerabilities in various libraries and services provided by Insyde.

Moxa Advisory - Moxa published an advisory that discusses a DNS cache poisoning vulnerability in the uClibc-ng libraries.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses 64 vulnerabilities in their PLCnext Firmware.

Splunk Advisory #1 - Splunk published an advisory that discusses the Text4Shell vulnerability.

Splunk Advisory #2 - Splunk published an advisory that discusses nine vulnerabilities in the their Enterprise Package.

WAGO Advisory - CERT VDE published an advisory that describes a hidden functionality vulnerability in the WAGO Unmanaged Switch.

 

For more details on these disclosures, including list of affected products, links to researcher reports, 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-47f - subscription required.