Review – Public ICS Disclosures – Week of 7-29-23 – Part 2

For Part 2 we have eight vendor updates for products from Broadcom (2), Fujitsu, Mitsubishi (2), Moxa (2), and Omron. Finally, we have 24 researcher reports for vulnerabilities in products from Inductive Automation (4), Triangle MicroWorks (12), and ZKTeco (8).

Updates

Broadcom Update #1 - Broadcom published an update for their Apache httpd advisory that was originally published on September 13^th, 2022.

Broadcom Update #2 - Broadcom published an update for their follow-redirects advisory that was originally published on September 13^th, 2023.

Fujitsu Update - JP-CERT published an update for their Si-R series advisory that was originally published on July 26^th, 2023.

Mitsubishi Update #1 - Mitsubishi published an update for their Genisis64 advisory that was originally published on July 19^th, 2023 and most recently updated on February 9^th, 2023.

Mitsubishi Update #2 - Mitsubishi published an update for their Genisis64 advisory that was originally published on December 13^th, 2022 and most recently updated on February 9^th, 2023.

Moxa Update #1 - Moxa published an update for their NPort 5110 Series advisory that was originally published on June 10^th, 2022 and most recently updated on July 28^th, 2023.

Moxa Update #2 - Moxa published an update for their multiple switch series advisory that was originally published on June 14^th, 2023 and most recently updated on July 7^th, 2023.

Omron Update - Omron published an update for their CX-Drive advisory that was originally published on April 24^th, 2023.

Researcher Reports

Inductive Automaton Reports - The Zero Day Initiative published four reports of individual vulnerabilities in the Inductive Automation Ignition product.

Triangle MicroWorks Reports - The Zero Day Initiative published 12 reports of individual vulnerabilities in the Triangle MicroWorks SCADA Gateway product.

ZKTeco Reports #1-4 - Claroty published four reports for individual vulnerabilities in the ZKTeco BioAccess product.

ZKTeco Reports #5-8 - Claroty published four reports for individual vulnerabilities in the ZKTeco BioTime product.

 

For more details about these disclosures, including summary of changes in advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-bf5 - subscription required.