This week we have 12 vendor disclosures from Aruba Networks, CODESYS, Dell, Festo, Hikvision, Hitachi Energy, HP, Moxa, Philips, SMA, Wiesemann & Theis, and VMware. There are four vendor updates from Hitachi Energy. There is a researcher report for a vulnerability in products from Qognify. Finally, we have three exploits for products from Automatic Systems (2), and Saflok.
Advisories
Aruba Advisory - Aruba published an advisory that describes ten vulnerabilities in their ClearPass Policy Manager product.
CODESYS Advisory - CODESYS published an advisory that describes an OS command injection vulnerability in their Control V3 on Linux and QNX operating systems product.
Dell Advisory - Dell published an advisory that discusses TPM Interposer BitLocker research.
Festo Advisory - CERT-VDE published an advisory that discusses 140 vulnerabilities in the Festo MES PCs.
Hikvision Advisory - Hikvision published an advisory that describes two improper server-side validation vulnerabilities in their HikCentral Professional product.
Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses the Terrapin-Attack vulnerability.
HP Advisory - HP published an advisory that discusses 133 vulnerabilities in their ThinPro product. These are third-party vulnerabilities.
Moxa Advisory - Moxa published an advisory that describes a confused deputy vulnerability in their EDS-4000/G4000 Series products.
Philips Advisory - Philips published an advisory that discusses a use after free vulnerability in their EarlyVue VS30.
SMA Advisory - Incibe-CERT published an advisory that describes two vulnerabilities in the SMA Cluster Controller and Sunny Webbox products.
Wiesemann & Theis Advisory - CERT-VDE published an advisory that describes an unquoted search path vulnerability in multiple Wiesemann & Theis products.
VMware Advisory - VMware published an advisory that describes an out-of-bounds read vulnerability in their Workstation Pro and Fusion products.
Updates
Hitachi Energy Update #1 - Hitachi Energy published an update for their RTU500 advisory that was originally published on December 19th, 2023.
Hitachi Energy Update #2 - Hitachi Energy published an update for their RTU500 advisory that was originally published on November 28th, 2023 and most recently updated on December 13th, 2023.
Hitachi Energy Update #3 - Hitachi Energy published an update for their OpenSSL advisory that was originally published on April 25th, 2023.
Hitachi Energy Update #4 - Hitachi Energy published an update for their IEC 61850 MMS-Server advisory that was originally published on February 14th, 2023.
Researcher Reports
Qognify Report - SEC Consult published a report that describes an uncontrolled search path element in the Qognify VMS Client Viewer.
Exploits
Automatic Systems Exploit #1 - Marcin Kozlowski published an exploit for a path traversal vulnerability in the Automatic-Systems SOC FL9600 FastLine.
Automatic Systems Exploit #2 - Marcin Kozlowski published an exploit for a use of hard-coded credentials vulnerability in the Automatic-Systems SOC FL9600 FastLine product.
Saflok Exploit - A51199deefa2c2520cea24f746d899ce published an exploit for a key derivation vulnerability in the Saflok System 6000.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-584 - subscription required.