Saturday, December 16, 2023

Review – Public ICS Disclosures – Week of 12-9-23 – Part 1 –

This week we have 22 vendor disclosures from ABB, Beckhoff, BD (2), Bosch (2), Cisco, FortiGuard (3), Frauscher, HPE (3), JTEKT, and Palo Alto Networks (7).

Advisories

ABB Advisory - ABB published an advisory that discusses the Apache ActiveMQ deserialization of untrusted data vulnerability that is listed on the CISA Known Exploited Vulnerabilities Catalog.

Beckhoff Advisory – CERT-VDE published an advisory that describes an open redirect vulnerability in the Beckhoff TwinCAT/BSD product.

BD Advisory #1 - BD published an advisory that discusses the Windows 7 Operating System End of Life Notice.

BD Advisory #2 - BD published an advisory that discusses an out-of-bounds write vulnerability that is listed in the CISA KEV catalog.

Bosch Advisory #1 - Bosch published an advisory that describes two improper handling of a malformed API request vulnerabilities in their BT software products.

Bosch Advisory #2 - Bosch published an advisory that describes a command injection vulnerability in their Bosch IP Cameras.

Cisco Advisory - Cisco published an advisory that discusses the recent Apache Struts vulnerability.

FortiGuard Advisory #1 - FortiGuard published an advisory that describes a use of externally controlled format string vulnerability in their FortiOS, FortiProxy and FortiPAM products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a double free vulnerability in their FortiOS and FortiPAM HTTPSd daemon.

Frauscher Advisory - CERT-VDE published an advisory that describes a code injection vulnerability in the Frauscher FDS102 for FAdC/FAdCi.

HPE Advisory #1 - HPE published an advisory that discusses seven vulnerabilities in their Cray Programming Environment.

HPE Advisory #2 - HPE published an advisory that discusses six vulnerabilities in their Intelligent Management Center (iMC) product.

HPE Advisory #3 - HPE published an advisory that discusses 14 vulnerabilities in their Virtualized Telecommunication Management Information Platform (vTeMIP) application.

JTEKT Advisory - JTEKT published an advisory that describes four uncontrolled resource consumption vulnerabilities in their HMI GC-A2 series products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS products.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a weakness introduced during design vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an unrestricted upload of file with dangerous type vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an argument injection vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes an OS command injection vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that describes an improper privilege management vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #7 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS product.

For more details about these disclosures, including links to third-party advisories, vendor advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-9fa (https://tinyurl.com/yty8yuyt) - subscription required.
