Sunday, April 14, 2024

Review – Public ICS Disclosures – Week of 4-6-24 – Part 2

For part two we have three additional vendor disclosures from B&R, Schneider and Welotec. We also have 13 vendor updates from HP (2) and Siemens (11). Finally, there are four researcher reports for vulnerabilities in products from TP-Link.

Advisories

B&R Advisory - B&R published an advisory that discusses four vulnerabilities (one with known exploit) in their APC4100, APC910, and PPC900 products.

Schneider Advisory - Schneider published an advisory that discusses an improper privilege management vulnerability in their Easergy Studio product.

Welotec Advisory - CERT-VDE published an advisory that describes two vulnerabilities in the Welotec TK500v1 router series.

Updates

HP Update #1 - HP published an update for their PC BIOS advisory that was originally published on March 12th, 2024.

HP Update #2 - HP published an update for their March 2024 BIOS security advisory that was originally published on March 13th, 2024.

Siemens Update #1 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12th, 2024.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 BIOS advisory that was originally published on June 16th, 2023 and most recently updated on December 12th, 2023.

Siemens Update #3 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on June 13th, 2023 and most recently updated on February 13th, 2024.

Siemens Update #4 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 13th, 2024.

Siemens Update #5 - Siemens published an update for their Scalance W1750D advisory that was originally published on February 13th, 2024.

Siemens Update #6 - Siemens published an update for their OpenSSL advisory that was originally published on June 14th, 2022 and most recently updated on January 9th, 2024.

Siemens Update #7 - Siemens published an update for their OPC UA Implementation advisory that was originally published on September 12th, 2023 and most recently updated on February 13th, 2024.

Siemens Update #8 - Siemens published an update for their OPC Foundation advisory that was originally published on April 11th, 2023 and most recently updated on November 14th, 2023.

Siemens Update #9 - Siemens published an update for their SCALANCE W700 advisory that was originally published on November 14th, 2023.

Siemens Update #10 - Siemens published an update for their SIMATIC S7-1500 advisory that was originally published on December 12th, 2023 and most recently updated on March 12th, 2024.

Siemens Update #11 - Siemens published an update for their OpenSSL Vulnerabilities advisory that was originally published on March 14th, 2023 and most recently updated on October 10th, 2023.

Researcher Reports

TP-Link Reports - Talos published four reports describing twelve vulnerabilities in the TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point.

 

For more information on these disclosures, including links to third-party advisories and summaries of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-fd8 - subscription required.
