Saturday, November 18, 2023

Review – Public ICS Disclosures – Week of 11-11-23 – Part 2

For Part 2 we have eight additional vendor disclosures from Schneider (3), Siemens (2), VMware, and Wireshark (2). There are 21 updates from Broadcom, Cisco, Mitsubishi, and Siemens (18). There are four researcher reports for products from Ashlar-Vellum.

Advisories

Schneider Advisory #1 - Schneider published an advisory that describes two vulnerabilities in their PowerLogic ION8650 and ION8800 products.

Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their EcoStruxure™ Power products.

Schneider Advisory #3 - Schneider published an advisory that describes a path traversal vulnerability in their Galaxy VS and VL.

Siemens Advisory #1 - Siemens published an advisory that describes two vulnerabilities in their Simcenter Femap product.

Siemens Advisory #2 - Siemens published an advisory that describes seven vulnerabilities in their Tecnomatix Plant Simulation product.

VMware Advisory - VMware published an advisory that describes an authentication bypass vulnerability in their Cloud Director Appliance.

Wireshark Advisory #1 - Wireshark published an advisory that describes an SSH dissector crash vulnerability.

Wireshark Advisory #2 - Wireshark published an advisory that describes an SSH dissector crash vulnerability.

Updates

Broadcom Update - Broadcom published an update for their GNU Coreutils advisory that was originally published on November 14th, 2023 and most recently updated on November 10th, 2023.

Cisco Update - Cisco published an update for their HTTP/2 Rapid Reset Attack advisory that was originally published on October 16th, 2023 and most recently updated on November 9th, 2023.

Mitsubishi Update - Mitsubishi published an update for their GENESIS64 advisory that was originally published on December 13th, 2022 and most recently updated on August 3rd, 2023.

Siemens Update #1 - Siemens published an update for their SIMATIC IPCs advisory that was originally published on September 12th, 2023.

Siemens Update #2 - Siemens published an update for their Open Design Alliance Drawings SDK advisory that was originally published on June 13th, 2023.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM ROS devices advisory that was originally published on August 8th, 2023.

Siemens Update #4 - Siemens published an update for their RUGGEDCOM ROS advisory that was originally published on July 12th, 2022 and most recently updated on April 11th, 2023.

Siemens Update #5 - Siemens published an update for their SIMATIC S7-1500 TM MFP V1.0 advisory that was originally published on June 13th, 2023 and most recently updated on September 12th, 2023.

Siemens Update #6 - Siemens published an update for their SIMATIC S7-1500 TM MFP V1.0 advisory that was originally published on June 13th, 2023 and most recently updated on September 12th, 2023.

Siemens Update #7 - Siemens published an update for their RUGGEDCOM ROS devices advisory that was originally published on November 8th, 2022 and most recently updated on September 12th, 2023.

Siemens Update #8 - Siemens published an update for their RUGGEDCOM ROS Devices advisory that was originally published on August 8th, 2023.

Siemens Update #9 - Siemens published an update for their RUGGEDCOM ROS Devices advisory that was originally published on March 8th, 2022 and most recently updated on March 14th, 2023.

Siemens Update #10 - Siemens published an update for their OPC UA Implementations of SIMATIC Products advisory that was originally published on September 12th, 2023 and most recently updated on October 10th, 2023.

Siemens Update #11 - Siemens published an update for their OPC Foundation advisory that was originally published on April 11th, 2023 and most recently updated on August 8th, 2023.

Siemens Update #12 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on October 10th, 2023.

Siemens Update #13 - Siemens published an update for their SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP advisory that was originally published on November 27th, 2018 and most recently updated on October 10th, 2023.

Siemens Update #14 - Siemens published an update for their Parasolid and Teamcenter Visualization advisory that was originally published on August 8th, 2023.

Siemens Update #15 - Siemens published an update for their SIMATIC WinCC Kiosk Mode advisory that was originally published on May 10th, 2022 and most recently updated on October 10th, 2023.

Siemens Update #16 - Siemens published an update for their Industrial Products using Intel CPUs advisory that was originally published on August 10th, 2021 and most recently updated on May 9th, 2023.

Siemens Update #17 - Siemens published an update for their Insyde BIOS Vulnerabilities advisory that was originally published on February 22nd, 2022 and most recently updated on August 8th, 2023.

Research Reports

Ashlar-Vellum Reports - The Zero Day Initiative published four reports about vulnerabilities in the Ashlar-Vellum Lithium products.

 

For more details about these disclosures, including summaries of changes made in updates and links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-66a - subscription required.
