Saturday, March 11, 2023

Review – Public ICS Disclosures – Week of 3-4-23

This week we have 26 vendor disclosures from ABB, Apache, DrayTek, FortiGuard Labs (15), GE Grid Solutions, Hitachi, HPE (2), Insyde, Mitsubishi, Moxa, and Phoenix Contact. And we have two exploits for products from Real Time Automation and AgileBio.

Advisories

ABB Advisory - ABB published an advisory that discusses an improper input validation vulnerability in their Substation management unit COM600.

Apache Advisory - Apache announced a memory exhaustion vulnerability in unsupported versions of Apache Log4j.

DrayTek Advisory - DrayTek published an advisory that describes a cross-site scripting vulnerability in their Vigor routers.

FortiGuard Advisory #1 - FortiGuard published an advisory that describes an incomplete filtering of one or more instances of special elements vulnerability in their FortiWeb and FortiRecorder.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiWeb products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes an access control vulnerability in their FortiSOAR's playbook.

FortiGuard Advisory #4 - FortiGuard published an advisory that describes an uncontrolled resource consumption vulnerability in their FortiRecorder products.

FortiGuard Advisory #5 - FortiGuard published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #6 - FortiGuard published an advisory that describes a path traversal vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #7 - FortiGuard published an advisory that describes a buffer underwrite vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #8 - FortiGuard published an advisory that describes a path traversal vulnerability in their FortiOS products.

FortiGuard Advisory #9 - FortiGuard published an advisory that describes an access of an uninitialized pointer vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #10 - FortiGuard published an advisory that describes an improper privilege management vulnerability in their FortiNAC products.

FortiGuard Advisory #11 - FortiGuard published an advisory that describes a reflected cross-site scripting vulnerability in their FortiNAC products.

FortiGuard Advisory #12 - FortiGuard published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their FortiManager, FortiAnalyzer, FortiPortal and FortiSwitch products.

FortiGuard Advisory #13 - FortiGuard published an advisory that describes an improper restriction of excessive authorization attempts vulnerability in their FortiAuthenticator, FortiDeceptor and FortiMail products.

FortiGuard Advisory #14 - FortiGuard published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their FortiAnalyzer products.

FortiGuard Advisory #15 - FortiGuard published an advisory that describes an improper neutralization of formula elements vulnerability in their FortiAnalyzer products.

GE Advisory - GE Grid Solutions published an advisory for their Reason S20 products.

Hitachi Advisory - Hitachi published an advisory that discusses 36 vulnerabilities in their Disk Array Systems. These are third-party (Microsoft) vulnerabilities.

HPE Advisory #1 - HPE published an advisory that describes a host header injection vulnerability in their FlexFabric 5700 Switches.

HPE Advisory #2 - HPE published an advisory that describes an information disclosure vulnerability in their Superdome Flex and Superdome Flex 280 Servers.

Insyde Advisory - Insyde published an advisory that describes a stack-based buffer overflow vulnerability in multiple products.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses two classic buffer overflow vulnerabilities in their GENESIS64 product.

Moxa Advisory - Moxa published an advisory [added link - 5-25-23 1330 EDT] that describes two vulnerabilities in their MXsecurity series.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses two vulnerabilities in their TC ROUTER and CLOUD CLIENT.

Exploits

Real Time Automation Exploit - Yehia Eighaly published an exploit for a cross-site scripting vulnerability in the Real Time Automation 460MCBS - Modbus TCP to BACnet/IP Gateway.

AgileBio Exploit - Anthony Cole published an exploit for a remote code execution vulnerability in the AgileBio LabCollector LIMS system.


For more details on these disclosures, including links to third-party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-07f - subscription required.

