Saturday, November 25, 2023

Review – Public ICS Disclosures – Week of 11-18-23 – Part 1

This week we have 20 vendor disclosures from Eaton, FortiGuard (3), Hikvision (3), HP (9), HPE (3), and Meinberg.

Advisories

Eaton Advisories - Eaton published an advisory that describes an improper access control vulnerability in multiple Eaton products.

FortiGuard Advisory #1 - FortiGuard published an advisory that discusses two vulnerabilities in their FortiGate products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an improper validation of integrity check value vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a numeric truncation error in their FortiOS and FortiProxy SSL VPN.

Hikvision Advisory #1 - Hikvision published an advisory that describes a buffer overflow vulnerability in their NVR/DVR Devices.

Hikvision Advisory #2 - Hikvision published an advisory that describes two vulnerabilities in their LocalServiceComponents application.

Hikvision Advisory #3 - Hikvision published an advisory that describes an authentication bypass vulnerability in multiple Hikvision products.

HP Advisory #1 - HP published an advisory that discusses an incorrect permission assignment for critical resource vulnerability in multiple HP computers.

HP Advisory #2 - HP published an advisory that discusses an uncontrolled search path element vulnerability in multiple HP computers.

HP Advisory #3 - HP published an advisory that discusses five vulnerabilities in multiple HP computers.

HP Advisory #4 - HP published an advisory that discusses an improper access control vulnerability in multiple HP workstations.

HP Advisory #5 - HP published an advisory that discusses seven vulnerabilities in multiple HP computers.

HP Advisory #6 - HP published an advisory that discusses an improper access control vulnerability in multiple HP computers.

HP Advisory #7 - HP published an advisory that discusses an uncontrolled search path element vulnerability in multiple HP computers.

HP Advisory #8 - HP published an advisory that discusses two improper input validation vulnerabilities in multiple HP computers.

HP Advisory #9 - HP published an advisory that discusses four vulnerabilities in multiple HP computers.

HPE Advisory #1 - HPE published an advisory that discusses an improper or unexpected behavior of the INVD instruction vulnerability in their ProLiant DL/DX/XL servers.

HPE Advisory #2 - HPE published an advisory that discusses a "sequence of processor instructions leads to unexpected behavior" vulnerability in their Edgeline Servers.

HPE Advisory #3 - HPE published an advisory that discusses an improper certificate validation vulnerability in their UX OpenSSL product.

Meinberg Advisory - Meinberg published an advisory that discusses seven vulnerabilities in their Lantime product.

 

For more details about these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-dda - subscription required.
