Saturday, November 11, 2023

Review – Public ICS Disclosures – Week of 11-4-23 – Part 1

This week we have 23 vendor disclosures from Broadcom (15), Fuji Electric, GE Gas Power, GE Grid Solutions (4), and Hitachi (2).

Advisories

Broadcom Advisory #1 - Broadcom published an advisory that discusses an unquoted search path or element vulnerability in their Fabric OS.

Broadcom Advisory #2 - Broadcom published an advisory that describes a missing HTTP headers vulnerability in their Brocade ASCG products.

Broadcom Advisory #3 - Broadcom published an advisory that discusses a use after free vulnerability in their Fabric OS products.

Broadcom Advisory #4 - Broadcom published an advisory that discusses a missing authentication for critical function vulnerability in their Brocade ASCG.

Broadcom Advisory #5 - Broadcom published an advisory that discusses an arbitrary code execution vulnerability in their Brocade ASCG OVA.

Broadcom Advisory #6 - Broadcom published an advisory that discusses an out-of-bounds write vulnerability in their Brocade ASCG product.

Broadcom Advisory #7 - Broadcom published an advisory that discusses an infinite loop vulnerability in their Brocade ASCG OVA product.

Broadcom Advisory #8 - Broadcom published an advisory that describes an improper input validation vulnerability in their Brocade Active Support Connectivity Gateway (ASC-G).

Broadcom Advisory #9 - Broadcom published an advisory that discusses an infinite loop vulnerability in their Brocade ASCG OVA product.

Broadcom Advisory #10 - Broadcom published an advisory that discusses four vulnerabilities in their Brocade ASCG product.

Broadcom Advisory #11 - Broadcom published an advisory that discusses an improper verification of cryptographic signature vulnerability in their Brocade ASCG product.

Broadcom Advisory #12 - Broadcom published an advisory that discusses an OS command injection vulnerability in their Fabric OS product.

Broadcom Advisory #13 - Broadcom published an advisory that discusses a NULL pointer dereference vulnerability in their Brocade SANnav product.

Broadcom Advisory #14 - Broadcom published an advisory that discusses an improper input validation vulnerability in their Brocade ASCG.

Broadcom Advisory #15 - Broadcom published an advisory that discusses an integer overflow or wraparound vulnerability in their Brocade ASCG OVA product.

Fuji Advisory - JP-CERT published an advisory that describes seven vulnerabilities in the Fuji Electric TELLUS and V-Server products.

GE Gas Power Advisory - GE Gas Power published an advisory that discusses the Cisco IOS XE web UI feature vulnerabilities.

GE Grid Solutions Advisories - GE Grid Solutions published 4 advisories for vulnerabilities in their D20MX Substation Controller, D400 Advanced Substation Gateway, G100 Advanced Substation Gateway, and G500 Advanced Substation Gateway products.

Hitachi Advisory #1 - Hitachi published an advisory that discusses 74 vulnerabilities in their Disc Array products.

Hitachi Advisory #2 - Hitachi published an advisory that discusses three unauthorized update vulnerabilities in multiple Hitachi products.

 

For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-517 - subscription required.
