Saturday, June 24, 2023

Review – Public ICS Disclosures – Week of 6-17-23

This week we have twelve vendor disclosures from FortiGuard (2), GE Gas Power, HP, HPE, Sick, Schweitzer Engineering Labs (2), Sierra Wireless, VMware, Western Digital, and Zyxel. There is also an update from GE Gas Power. We also have three researcher reports for products from Dell and an update of the OT:ICEFALL report. Finally, we have an exploit for the HiSecOS from Belden.

Advisories

FortiGuard Advisory #1 - FortiGuard published an advisory that describes a deserialization of untrusted data vulnerability in their FortiNAC.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes a command injection vulnerability in their FortiNAC product.

GE Gas Power Advisory - GE published an advisory that discusses five vulnerabilities in their Proficy Historian product.

HP Advisory - HP published an advisory that discusses a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in their PC products using AMI UEFI Firmware.

HPE Advisory - HPE published an advisory that discusses a remote code execution vulnerability in their IceWall product modules.

Sick Advisory - Sick published an advisory that describes vulnerabilities in their SICK EventCam App.

SEL Advisory #1 - SEL announced that a new version of their SEL-5037 SEL Grid Configurator is available that mitigates undescribed cybersecurity vulnerabilities.

SEL Advisory #2 - SEL announced that a new version of their SEL-5030 acSELerator QuickSet Software is available that mitigates undescribed cybersecurity vulnerabilities.

Sierra Wireless Advisory - Sierra Wireless published an advisory that provides additional guidance on a previously disclosed improper authentication vulnerability for their routers using the AirLink Management Service (ALMS).

VMware Advisory - VMware published an advisory that describes five vulnerabilities in their vCenter Server and Cloud Foundation products.

Western Digital Advisory - Western Digital published an advisory that describes two command injection vulnerabilities in their My Cloud OS 5 Firmware.

Zyxel Advisory - Zyxel published an advisory that describes a command injection vulnerability in their NAS products. This vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog.

Updates

GE Gas Power Update - GE published an update for their Proficy Historian advisory that was originally published on February 3rd, 2023.

Researcher Reports

Dell Reports - Binarly published three reports describing individual vulnerabilities in the Dell Edge Gateway BIOS.

OT:ICEFALL Report - Forescout published an update of their OT:ICEFALL report.

Exploits

Belden Exploit - Dreizehnutters published an exploit for a privilege escalation vulnerability in Belden’s HiSecOS Web Server.

 

For more details on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-7c8 - subscription required.
