Review – Public ICS Disclosures – Week of 9-9-23 – Part 2

For Part 2 we have four vendor disclosures from Schneider and Siemens (3). We also have fourteen updates from Siemens. Finally, we have four exploits for products from Ivanti, OpenPLC, Splunk, and VMware.

Advisories

Schneider Advisory - Schneider published an advisory that describes a missing authentication for critical function vulnerability in their Update Service for the IGSS (Interactive Graphical SCADA System) product.

Siemens Advisory #1 - Siemens published an advisory that describes seven vulnerabilities in their Teamcenter Visualization and JT2Go products.

Siemens Advisory #2 - Siemens published an advisory that describes an insertion of sensitive information in an externally-accessible file or directory in their SIMATIC PCS neo Administration Console.

Siemens Advisory #3 - Siemens published an advisory that describes an incorrect permission assignment for critical resource vulnerability in their Spectrum Power 7 product.

Updates

Siemens Update #1 - Siemens published an update for their SIMATIC S7-1500 TM MFP advisory that was originally published on June 13^th, 2023.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 TM MFP Linux kernel advisory that was originally published on June 13^th, 2023 and most recently updated on August 8^th, 2023.

Siemens Update #3 - Siemens published an update for their n RUGGEDCOM ROS advisory that was originally published on November 8^th, 2022 and most recently updated on April 11^th, 2023.

Siemens Update #4 - Siemens published an update for their Tecnomatix Plant Simulation advisory that was originally published on July 11^th, 2023 and most recently updated on August 8^th, 2023.

Siemens Update #5 - Siemens published an update for their OpenSSL component advisory that was originally published on June 14^th, 2022, and most recently updated on July 11^th, 2023.

Siemens Update #6 - Siemens published an update for their QMS Automotive advisory that was originally published on November 8^th, 2022.

Siemens Update #7 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on December 13^th, 2022 and most recently updated on May 9^th, 2023.

Siemens Update #8 - Siemens published an update for their e Web Server Login Page of Industrial Controllers advisory that was originally published on November 8^th, 2022 and most recently updated on August 8^th, 2023.

Siemens Update #9 - Siemens published an update for their RUGGEDCOM APE1808 advisory that was originally published on February 14^th, 2023.

Siemens Update #10 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on November 27^th, 2018 and most recently updated on August 8^th, 2023.

Siemens Update #11 - Siemens published an update for their Denial of Service Vulnerabilities in Industrial Products advisory that was originally published on December 13^th, 2022 and most recently updated on July 11^th, 2023.

Siemens Update #12 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on April 11^th, 2023 and most recently updated on May 9^th, 2023.

Siemens Update #13 - Siemens published an update for their OpenSSL X.400 advisory that was originally published on August 8^th, 2023.

Siemens Update #14 - Siemens published an update for their OpenSSL RSA Decryption in SIMATIC Products advisory that was originally published on August 8^th, 2023.

Exploits

Ivanti Exploit - Jheysel-r7, James Horseman, and Zach Hanley published a Metasploit module for an incorrect authorization vulnerability in the Ivanti Sentry product.

OpenPLC Exploit - Kai Feng published an exploit for a buffer overflow vulnerability in the OpenPLC webserver.

Splunk Exploit - RedWay Security and Santiago Lopez published an exploit for a privilege escalation vulnerability in the Splunk Enterprise product.

VMware Exploit - Ege Balci published an exploit for three vulnerabilities in the VMware vRealize Log.

 

For more details about these disclosures, including a summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-934 - subscription required.