Saturday, November 25, 2023

Review – Public ICS Disclosures – Week of 11-18-23 – Part 2

For Part 2 we have seven more vendor disclosures from Mitsubishi, Philips, Phoenix Contact, Western Digital, WAGO (2), and Zyxel. There are also three updates from Hitachi Energy, HP, and HPE. Finally, we have seven researcher reports about vulnerabilities in products from Thales (7).

Advisories

Mitsubishi Advisory - Mitsubishi published an advisory that describes two improper input validation vulnerabilities in their GX Works2 product.

Philips Advisory - Philips published an advisory that discusses the F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability that is listed on the CISA Known Exploited Vulnerability Catalog.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses two vulnerabilities in products using the WIBU CodeMeter Runtime product.

Western Digital Advisory - Western Digital published an advisory that describes multiple uncontrolled search path element vulnerabilities (single CVE) in their SanDisk Security Installer for Windows product.

WAGO Advisory #1 - CERT-VDE published an advisory that describes an improper privilege management vulnerability in multiple WAGO products.

WAGO Advisory #2 - CERT-VDE published an advisory that describes an OS command injection vulnerability in WAGO managed switches.

Zyxel Advisory - Zyxel published an advisory that describes an out-of-bounds write vulnerability in their SecuExtender SSL VPN Client software.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Apache ActiveMQ advisory that was originally published on November 14th, 2023.

HP Update - HP published an update for their PROSet/Wireless WiFi and Killer™ WiFi advisory that was originally published on August 8th, 2023, and most recently updated on September 12th, 2023.

HPE Update - HPE published an update for their IceWall products advisory that was originally published on June 20th, 2023, and most recently updated on July 24th, 2023.

Researcher Reports

Thales Reports - Kaspersky published seven reports about individual vulnerabilities in the Thales Telit Cinterion products.

 

For more information on these disclosures, including links to 3rd party advisories and brief descriptions of changes in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-cec - subscription required.
