Review – Public ICS Disclosures – Week of 3-23-24 – Part 1

This week we have 14 vendor disclosures from Aruba Networks, Dell, ELECOM (2), Hitachi (2), Hitachi Energy (3), HP, HPE (2), and Keyence (2).

Advisories

Aruba Advisory - Aruba published an advisory that describes a denial-of-service vulnerability in their wired switching products.

Dell Advisory - Dell published an advisory that discusses nine vulnerabilities (including one on CISA’s Known Exploited Vulnerabilities Catalog) in their Cyber Sense security product.

ELECOM Advisory #1 - JP-CERT published an advisory that describes three vulnerabilities in the ELECOM WRC-X3200GST3-B and WRC-G01-W wireless routers.

ELECOM Advisory #2 - JP-CERT published an advisory that describes two vulnerabilities in multiple ELECOM wireless routers.

Hitachi Advisories #1 - Hitachi published an advisory that discusses 39 vulnerabilities in their Disk Array Systems.

Hitachi Advisory #2 - Hitachi published an advisory that describes an insertion of sensitive information in log files vulnerability in their Disk Array Systems.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes two vulnerabilities in their MACH SCM product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes two unrestricted upload of file with dangerous type vulnerabilities in their RTU500 series products.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that describes an improper authentication vulnerability in their Asset Suite 9 product.

HP Advisory - HPE published an advisory that describes an arbitrary code execution vulnerability in multiple Desk Jet Printers.

HPE Advisory #1 - HPE published an advisory that describes a denial of service vulnerability in their IceWall products.

HPE Advisory #2 - HPE published an advisory that discusses a privilege escalation vulnerability in their StoreEasy Servers.

Keyence Advisory #1 - Keyence published an advisory that describes two vulnerabilities in their R REPLAY KV and STUDIO KV products.

Keyence Advisory #2 - Keyence published an advisory that describes a DLL search path vulnerability in their VT STUDIO product.

 

For more information on these advisories, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-2c5 - subscription required.