Review – Public ICS Disclosures – Week of 3-23-24 – Part 2

For Part 2 we have eight additional vendor disclosures from SEL, SonicDICOM, Splunk (4), Watchguard, and Wireshark. There are also five vendor updates from ELECOM, Hitachi Energy (3), and HP. We also have three researcher reports for vulnerabilities in products from Hikvision, Kunbus, and Uniview. Finally, we have two exploits for products from Dell and Watchguard.

Advisories

SEL Advisory - SEL published a notification of a new version of their SEL-5813 Backup and Recovery Tool (BaRT) which includes a cybersecurity enhancement.

SonicDICOM Advisory - JP Cert published an advisory that discusses a use after free vulnerability in the SonicDICOM Media Viewer.

Splunk Advisory #1 - Splunk published an advisory that describes an insertion of sensitive information into log files vulnerability in the Debug Log in their Enterprise product.

Splunk Advisory #2 - Splunk published an advisory that describes an improper input validation vulnerability in the Dashboard Examples Hub of their Enterprise product.

Splunk Advisory #3 - Splunk published an advisory that discusses four vulnerabilities in their Enterprise product.

Splunk Advisory #4 - Splunk published an advisory that discusses two vulnerabilities in their Universal Forwarder product.

Watchguard Advisory - Watchguard published an advisory that describes a code injection vulnerability in their AuthPoint Password Manager extension for MacOS Safari.

Wireshark Advisory - Wireshark published an advisory that describes a mismatched memory management routines vulnerability in their T.38 dissector.

Updates

ELECOM Update - ELECOM published an update for their Wireless LAN routers advisory that was originally published on February 20^th, 2024.

Hitachi Energy Update #1 - Hitachi Energy published an update for their RTU500 series products advisory that was originally published on December 19^th, 2023 and most recently updated on February 27^th, 2024.

Hitachi Energy Update #2 - Hitachi Energy published an update for their RTU500 series products advisory that was originally published on November 28^th, 2023 and most recently updated on February 27^th, 2024.

Hitachi Energy Update #3 - Hitachi Energy published an update for their RTU500 series products advisory that was originally published on April 25^th, 2023 and most recently updated on February 27^th, 2024.

HP Update - HP published an update for their HP Trusted Platform Module advisory that was originally published on June 8^th, 2018.

Researcher Reports

Hikvision Report - IOActive published a report for a classic buffer overflow vulnerability in the Hikvision DS-7732NI-I4(B) network video recorder.

Kunbus Report - IOActive published a report of an off-by-one error vulnerability {that is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog} in the Kunbus Revolution PI industrial PC.

Uniview Report - SSD-Disclosure published a report for an authentication bypass vulnerability in selected Uniview IP Cameras.

Exploits

Dell Exploit - Amirhossein Bahramizadeh published an exploit for an improper access control vulnerability in the Dell Security Management Server.

WatchGuard Exploit - Charles FOL published a Metasploit module for a buffer overflow vulnerability (that is on CISA’s KEV catalog) in the WatchGuard Firebox and XTM appliances.

 

For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-ede - subscription required.