For Part 2 we have nine additional vendor disclosures for products from Phoenix Contact (6), Schneider (2), and VMware. There are 18 vendor updates from Mitsubishi, Schneider, Siemens (15), and Sierra Wireless. We also have seven researcher reports for vulnerabilities in products from EisBaer. Finally, we have two exploits for products from Atos and Splunk.
Advisories
Phoenix Contact Advisory #1 - Phoenix Contact published an advisory that describes an incorrect permissions assignment for a critical resource vulnerability in their MULTIPROG Engineering tool and ProConOS eCLR SDK.
Phoenix Contact Advisory #2 - Phoenix Contact published an advisory that describes an incorrect permissions assignment for a critical resource vulnerability in their Automation Worx Software Suite and classic line industrial controllers.
Phoenix Contact Advisory #3 - Phoenix Contact published an advisory that describes an incorrect permissions assignment for a critical resource vulnerability in their PLCnext Control.
Phoenix Contact Advisory #4 - Phoenix Contact published an advisory that describes a download of code without integrity check vulnerability in their MULTIPROG Engineering tool and ProConOS eCLR SDK.
Phoenix Contact Advisory #5 - Phoenix Contact published an advisory that describes a download of code without integrity check vulnerability in their Automation Worx Software Suite and classic line industrial controllers.
Phoenix Contact Advisory #6 - Phoenix Contact published an advisory that describes a download of code without integrity check vulnerability in their PLCnext Control.
Schneider Advisory #1 - Schneider published an advisory that discusses a missing authorization vulnerability (that is listed in CISA’s Known Exploited Vulnerabilities Catalog) in their Plant iT/Brewmaxx product.
Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their Trio License-Free Radio products.
VMware Advisory - VMware published an advisory that describes a privilege escalation vulnerability in their Workspace ONE Launcher.
Updates
Mitsubishi Update - Mitsubishi published an update for their FA Engineering Software advisory that was originally published on November 24th, 2022 and most recently updated on June 29th, 2023.
Schneider Update - Schneider published an update for their PowerLogic advisory that was originally published on November 14th, 2023.
Siemens Update #1 - Siemens published an update for their TIA Portal advisory that was originally published on June 13th, 2023.
Siemens Update #2 - Siemens published an update for their LOGO! Soft Comfort advisory that was originally published on April 13th, 2023.
Siemens Update #3 - Siemens published an update for their LOGO! 8 BM Devices advisory that was originally published on October 11th, 2023.
Siemens Update #4 - Siemens published an update for their SIMATIC S7-1500 TM MFP V1.0 advisory that was originally published on June 13th, 2023 and most recently updated on November 14th, 2023.
Siemens Update #5 - Siemens published an update for their SIMATIC S7-1500 TM MFP V1.0 advisory that was originally published on June 13th, 2023 and most recently updated on November 14th, 2023.
Siemens Update #6 - Siemens published an update for their LOGO! 8 BM advisory that was originally published on March 9th, 2021.
Siemens Update #7 - Siemens published an update for their OPC UA Implementations of SIMATIC Products advisory that was originally published on September 12th, 2023 and most recently updated on October 10th, 2023.
Siemens Update #8 - Siemens published an update for their SCALANCE XB-200 advisory that was originally published on November 14th, 2023.
Siemens Update #9 - Siemens published an update for their Boot Loader of RUGGEDCOM ROS Devices advisory that was originally published on December 10th, 2019 and most recently updated on September 13th, 2022.
Siemens Update #10 - Siemens published an update for their S7-1500 CPU devices advisory that was originally published on January 10th, 2023 and most recently updated on March 14th, 2023.
Siemens Update #11 - Siemens published an update for their GNU/Linux subsystem of the SIMATIC S7-1500 advisory that was originally published on November 27th, 2018, and most recently updated on November 14th, 2023.
Siemens Update #12 - Siemens published an update for their OpenSSL X.400 Address Processing in SIMATIC Products advisory that was originally published on August 8th, 2023 and most recently updated on September 12th, 2023.
Siemens Update #13 - Siemens published an update for their OpenSSL RSA Decryption in SIMATIC Products advisory that was originally published on August 8th, 2023 and most recently updated on November 14th, 2023.
Siemens Update #14 - Siemens published an update for their RUGGEDCOM ROS advisory that was originally published on March 8th, 2022 and most recently updated on April 11th, 2023.
Siemens Update #15 - Siemens published an update for their WIBU Vulnerability in Industrial Products advisory that was originally published on September 12th, 2023 and most recently updated on October 10th, 2023.
Sierra Wireless Update - Sierra Wireless published an update to their ALEOS Security Advisory that was originally published on November 28th, 2023 and most recently updated on December 7th, 2023.
Researcher Reports
EisBaer Researcher Report - Claroty Team88 published seven reports on individual vulnerabilities in the EisBaer Scada.
Exploits
Atos Exploit - Armin Weihbold published an exploit for an argument injection vulnerability in the Atos Unify OpenScape Session Border Controller.
Splunk Exploit - Valentin Lobstein published a Metasploit module for an XML injection vulnerability in the Splunk Enterprise product.
For more details about these disclosures, including a brief description of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-5a1 - subscription required.