Saturday, April 1, 2023

Review – Public ICS Disclosures – Week of 3-25-23

This week we have 18 vendor disclosures from ABB (2), Altenergy, Aruba Networks, Contec, GE Gas Power, Hitachi Energy, HP, HPE, JTEKT, Philips, QNAP (6), and VARTA. There are two updates from Broadcom and HPE. There are also six researcher reports for vulnerabilities from Phoenix Contact and Bentley (5). Finally, we have an exploit for products from Fortinet.

Advisories

ABB Advisory #1 - ABB published an advisory that describes a use of default password vulnerability in their RCCMD product.

ABB Advisory #2 - ABB published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Flow-X product.

Altenergy Advisory - Incibe Cert published an advisory that describes an OS command injection vulnerability in the Altenergy Power System control software.

Aruba Advisory - Aruba published an advisory that discusses the Framing Frames vulnerability.

Contec Advisory - Contec published an advisory that describes an SQL injection vulnerability in their CONPROSYS HMI System.

GE Advisory - GE published an advisory that discusses the Microsoft DCOM policies hardening implemented by the recent Microsoft update and its potential effect on DCS communications.

Hitachi Energy Advisory - Hitachi published an advisory that describes five vulnerabilities in their MicroSCADA System Data Manager SDM600 Product.

HP Advisory - HP published an advisory that describes an information disclosure vulnerability in their DesignJet and PageWide XL TAA compliant printers.

HPE Advisory - HPE published an advisory that describes an out-of-bounds write vulnerability in their Intel 700 and E810 Series Ethernet Controllers.

JTEKT Advisory - JP-CERT published an advisory that describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the JTEKT Screen Creator Advance 2.

Philips Advisory - Philips published an advisory that discusses a Protected Extensible Authentication Protocol (PEAP) vulnerability.

QNAP Advisory #1 - QNAP published an advisory that discusses four vulnerabilities in their QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR, and QES products.

QNAP Advisory #2 - QNAP published an advisory that discusses an improper privilege management vulnerability in their QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) products.

QNAP Advisory #3 - QNAP published an advisory that describes an OS command injection vulnerability in their QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), and QVR products.

QNAP Advisory #4 - QNAP published an advisory that describes two out-of-bounds read vulnerabilities in their QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) products.

QNAP Advisory #5 - QNAP published an advisory that discusses a buffer overflow vulnerability in their QTS and QVP (QVR Pro appliances) products.

QNAP Advisory #6 - QNAP published an advisory that discusses two vulnerabilities in their QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), and QVR products.

VARTA Advisory - CERT VDE published an advisory that describes a use of hard-coded credentials vulnerability in the VARTA energy storage systems.

Updates

Broadcom Update - Broadcom published an update for their Java SE advisory that was originally published on August 25th, 2017 and most recently updated on September 8th, 2017.

HPE Update - HPE published an update for their NonStop advisory that was originally published on July 18th, 2022 and most recently updated on January 13th, 2023.

Researcher Reports

Phoenix Contact Report - Onekey published a report describing two vulnerabilities in Phoenix Contact routers. The report includes proof-of-concept code.

Bentley Reports - The Zero Day Initiative published five reports about vulnerabilities in the Bentley View product.

Exploits

Fortinet Exploit - Felipe Alcantara published an exploit for an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager products.


For more details about these disclosures, including links to third-party advisories, researcher reports and exploits, as well as brief summaries of the changes in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-2b3 - subscription required.
