Saturday, February 17, 2024

Review – Public ICS Disclosures – Week of 2-10-24 – Part 2

For Part 2 we have four additional vendor disclosures from Schneider (3) and WatchGuard. There are also ten vendor updates from Dell, Schnieder, and Siemens (8). Finally, we have two exploits for products from Vimesa and Splunk.

Advisories

Schneider Advisory #1 - Schneider published an advisory that describes three vulnerabilities in multiple Schneider products.

Schneider Advisory #2 - Schneider published an advisory that describes an improper authentication vulnerability in their Harmony Relay NFC products.

Schneider Advisory #3 - Schneider published an advisory that describes a use of hard-coded credentials vulnerability in their EcoStruxure IT Gateway product.

Updates

Dell Update - Dell published an update for their Wyse Management Suite advisory that was originally published on December 19th, 2022.

Schneider Update - Schneider published an update for their Modicon Controllers advisory that was originally published on May 14th, 2019 and most recently updated on March 14th, 2023.

Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12th, 2023 and most recently updated on January 9th, 2024.

Siemens Update #2 - Siemens published an update for their Linux Kernel of the SIMATIC S7-1500 advisory that was originally published on June 13th, 2023 and most recently updated on January 9th, 2024.

Siemens Update #3 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023 and most recently updated on January 9th, 2024.

Siemens Update #4 - Siemens published an update for their GNU/Linux subsystem of the SIMATIC S7-1500 that was originally published on November 27th, 2018 and most recently updated on December 12th, 2023.

Siemens Update #5 - Siemens published an update for their DHCP Client of Nucleus RTOS advisory that was originally published on November 12th, 2023.

Siemens Update #6 - Siemens published an update for their GNU/Linux subsystem of the SIMATIC S7-1500 CPU advisory that was originally published on December 12th, 2023 and most recently updated on January 9th, 2024.

Siemens Update #7 - Siemens published an update for their Siemens Industrial Products advisory that was originally published on August 10th, 2021 and most recently updated on November 14th, 2023.

Siemens Update #8 - Siemens published an update for their IPv6 Stack of Nucleus RTOS advisory that was originally published on April 13th, 2021 and most recently updated on November 9th, 2021.

Exploits

Vimesa Exploit - LIQUIDWORM published an exploit for a denial of service vulnerability in the Vimsea Blue Plus VHF/FM radio transmitter.

Splunk Exploit - Parsa Rezaie Khiabanloo published an exploit for an information disclosure vulnerability in Splunk.

 

For more information about these disclosures, including a brief summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-d2a - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */