Review – Public ICS Disclosures – Week of 3-11-23 – Part 1

This week we have nine vendor disclosures from Aruba Networks, Carrier, Contec, Hitachi Energy, HPE (2), InHand Networks, Moxa, and Phoenix Contact. There are five vendor updates from HPE (4) and Moxa. Finally, we have three exploits for products from Eaton, Riello, and Fortinet.

In Part 2 this week I will look at disclosures from Schneider and Siemens.

Advisories

Aruba Advisory - Aruba published an advisory that describes eight vulnerabilities in their ClearPass Policy Manager program.

Carrier Advisory - Carrier published an advisory that discusses a server side request forgery vulnerability in their g LenelS2 supported platform.

Contec Advisory - Contec published an advisory that describes three vulnerabilities in their CONPROSYS M2M Gateway Series, M2M Controller Series products.

Hitachi Energy Advisory - Hitachi published an advisory that discusses a permissions, privileges, and access control vulnerability in their MicroSCADA Pro/X SYS600 Products.

HPE Advisory #1 - HPE published an advisory that discusses eight vulnerabilities in their NonStop servers.

HPE Advisory #2 - HPE published an advisory that describes a cross-site scripting vulnerability in their Integrated Lights-Out products.

InHand Advisory - InHand published an advisory that describes five vulnerabilities in their InRouter615-S industrial routers.

Moxa Advisory - Moxa published an advisory that describes two improper certificate validation vulnerabilities in their NPort 6000 Series and Windows Driver Manager products.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses five vulnerabilities in their ENERGY AXC PU product.

Updates

HPE Update #1 - HPE published an update for their FlexNetwork and FlexFabric Switches advisory that was originally published on July 30^th, 2022.

HPE Update #2 - HPE published an update for their OneView for VMware vCenter advisory that was originally published on February 17^th, 2023.

HPE Update #3 - HPE published an update for their ProLiant Moonshot Servers advisory that was originally published on November 8^th, 2022.

HPE Update #4 - HPE published an update for their ProLiant BL/DL/ML Servers advisory that was originally published on November 8^th, 2022.

Moxa Update - Moxa published an update for their UC Series advisory that was originally published on November 29^th, 2022 and most recently updated on February 9^th, 2023.

Exploits

Eaton Exploit - Yehia Elghaly published an exploit for a denial-of-service vulnerability in the Eaton Webpower UPS.

Reillo Exploit - Ricardo Jose Ruiz Fernandez published an exploit for shell bypass vulnerability in the Riello UPS system.

Fortinet Exploit - Jheysel-r7, Zach Hanley, and Gwendal Guegniaud published a Metasploit module for an externally controlled reference to a resource in another sphere vulnerability in the FortiNAC.

 

For more details about these disclosures, including links to third-party advisories, researcher reports and summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-d50  - subscription required.