Sunday, April 16, 2023

Review – Public ICS Disclosures – Week of 4-8-23 – Part 2

For Part 2 we have 30 additional vendor disclosures from FortiGuard (22), Luxion, Schneider (6), and Siemens.

Advisories

FortiGuard Advisory #1 - FortiGuard published an advisory that discusses the DirtyPipe vulnerability in their FortiProxy & FortiSIEM products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiADC & FortiDDoS & FortiDDoS-F products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiADC product.

FortiGuard Advisory #4 - FortiGuard published an advisory that describes an improper certificate validation vulnerability in their FortiAnalyzer & FortiManager products.

FortiGuard Advisory #5 - FortiGuard published an advisory that describes an improper input validation vulnerability in their FortiAnalyzer products.

FortiGuard Advisory #6 - FortiGuard published an advisory that describes a reflected cross-site scripting vulnerability in their FortiAuthenticator product.

FortiGuard Advisory #7 - FortiGuard published an advisory that describes a privilege escalation vulnerability in their FortiClient (Mac).

FortiGuard Advisory #8 - FortiGuard published an advisory that describes an arbitrary file creation vulnerability in their FortiClient (Windows).

FortiGuard Advisory #9 - FortiGuard published an advisory that describes an improper write access vulnerability in their FortiClient (Windows).

FortiGuard Advisory #10 - FortiGuard published an advisory that describes an arbitrary file creation vulnerability in their FortiClientWindows.

FortiGuard Advisory #11 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiGate product.

FortiGuard Advisory #12 - FortiGuard published an advisory that describes an information disclosure vulnerability in their FortiNAC product.

FortiGuard Advisory #13 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiOS & FortiProxy products.

FortiGuard Advisory #14 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiOS & FortiProxy products.

FortiGuard Advisory #15 - FortiGuard published an advisory that describes an open-redirect vulnerability in their FortiOS & FortiProxy products.

FortiGuard Advisory #16 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiPresence.

FortiGuard Advisory #17 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiPresence.

FortiGuard Advisory #18 - FortiGuard published an advisory that describes a server-side template injection vulnerability in their FortiSOAR product.

FortiGuard Advisory #19 - FortiGuard published an advisory that describes an SQL injection vulnerability in their FortiSandbox product.

FortiGuard Advisory #20 - FortiGuard published an advisory that describes an execute unauthorized code or commands vulnerability in their FortiSandbox & FortiDeceptor products.

FortiGuard Advisory #21 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiWeb & FortiADC products.

FortiGuard Advisory #22 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiWeb product.

Luxion Advisory - Luxion published an advisory that discusses an out-of-bounds write vulnerability in their KeyShot product.

Schneider Advisory #1 - Schneider published an advisory that discusses three vulnerabilities in a number of CODESYS based Schneider products.

Schneider Advisory #2 - Schneider published an advisory that describes an improper input validation vulnerability in their Conext™ Gateway/ InsightHome and InsightFacility.

Schneider Advisory #3 - Schneider published an advisory that describes two vulnerabilities in their EcoStruxure™ Control Expert product.

Schneider Advisory #4 - Schneider published an advisory that describes three vulnerabilities in their Easy UPS Online Monitoring Software.

Schneider Advisory #5 - Schneider published an advisory that describes two improper check for unusual or exceptional conditions vulnerabilities in their Modicon PLCs and PACs.

Schneider Advisory #6 - Schneider published an advisory that describes an uncontrolled search path vulnerability in their Easergy Builder installer.

Siemens Advisory - Siemens published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in their Solid Edge products.

 

For more details about these disclosures, including links to researcher reports, 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-fcb - subscription required.
