This week we have 10 vendor disclosures from Broadcom, Fuji Electric, GE Gas Power, Johnson Controls, Moxa, Philips, VMware, WolfSSL, and Zyxel (2). We also have a vendor update from HPE. There are 17 researcher reports for products from Suprema (4), Control ID (5), and Connected IO (8). Finally, we have 2 exploits for products from Zyxel and Delta Electronics.
Advisories
Broadcom Advisory - Broadcom published an advisory that discusses an SQL injection vulnerability in multiple products.
Fuji Advisory - JP-CERT published an advisory that describes eight vulnerabilities in multiple Fuji server products.
GE Advisory - GE published an advisory that discusses four vulnerabilities in their Control Server Virtual HMIs and ThickClient HMIs.
Moxa Advisory - Moxa published an advisory that describes a weak cryptographic algorithm vulnerability in the CN2600 Series terminal servers.
Philips Advisory - Philips published an advisory that discusses the MOVEit SQL injection vulnerability.
VMware Advisory - VMware published an advisory that describes three vulnerabilities in their VMware Aria Operations for Networks product.
WolfSSL Advisory - WolfSSL published a change log for a new version of their SSL product that reports two vulnerabilities in the previous version that are being fixed in the new release.
Zyxel Advisory #1 - Zyxel published an advisory that describes a buffer overflow vulnerability in their 4G LTE and 5G NR outdoor routers.
Zyxel Advisory #2 - Zyxel published an advisory that describes a privilege escalation vulnerability in their GS1900 series switches.
Updates
HPE Update - HPE published an update for their Aruba OpenSSL advisory that was originally published on February 15th, 2023 and most recently updated on May 22nd, 2023.
Researcher Reports
Suprema Reports - Claroty published four reports about individual vulnerabilities in the Suprema BioStar security platform.
Control ID Reports - Claroty published five reports about individual vulnerabilities in the Control ID iDSecure product.
Connected IO Reports #1-4 - Claroty published four reports about individual vulnerabilities in the Connected IO ER2000 edge router.
Connected IO Reports #5-8 - Claroty published four reports about individual vulnerabilities in the Connected IO IDSecure product.
Exploits
Zyxel Exploit - Sf published a Metasploit module for a command injection vulnerability in the Zyxel firewalls.
Delta Exploit - Shelby Pace published a Metasploit module for a deserialization of untrusted data vulnerability in the Delta InfraSuite Device Master.
For more details about these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-f21 - subscription required.