Saturday, April 27, 2024

Review – Public ICS Disclosures – Week of 4-20-24 – Part 1

This week for Part 1 we have 16 vendor disclosures from Belden, Broadcom (7), Hitachi (2), HP, HPE, Meinberg, Moxa, Omron (2), and Palo Alto Networks.

NVD.NIST.gov updated their ‘Program Announcement’ page this week. This page is designed to keep folks up-to-date on the problems that NIST is having with keeping up with the analysis of CVEs. No real new information has been added.

Advisories

Belden Advisory - Belden published an advisory that describes an improper authentication vulnerability in their Hirschmann HiEOS devices.

Broadcom Advisory #1 - Broadcom published an advisory that describes an insertion of sensitive data into log file vulnerability in their Brocade SANnav products.

Broadcom Advisory #2 - Broadcom published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Brocade SANnav products.

Broadcom Advisory #3 - Broadcom published an advisory that describes an insecure HTTPS configuration vulnerability in their Brocade Fabric OS and Brocade SANnav products.

Broadcom Advisory #4 - Broadcom published an advisory that describes a clear-text transmission of sensitive information vulnerability in their Brocade Fabric OS and Brocade SANnav products.

Broadcom Advisory #5 - Broadcom published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Brocade Fabric OS and Brocade SANnav products.

Broadcom Advisory #6 - Broadcom published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Brocade SANnav product.

Broadcom Advisory #7 - Broadcom published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Brocade SANnav product.

Hitachi Advisory #1 - Hitachi published an advisory that describes an insertion of sensitive information into log file vulnerability in their Ops Center Administrator product.

Hitachi Advisory #2 - Hitachi published an advisory that describes a sensitive cookie in HTTPS session without ‘secure’ attribute vulnerability in their Ops Center Analyzer product.

HP Advisory - HP published an advisory that describes an escalation of privilege vulnerability in their Software Packages (SoftPaqs).

HPE Advisory - HPE published an advisory that discusses six vulnerabilities in their SAN Switches.

Meinberg Advisory - Meinberg published an advisory that discusses eleven vulnerabilities (three with known exploits) in their Lantime product. These are third-party vulnerabilities.

Moxa Advisory - Moxa published an advisory that discusses three vulnerabilities in their AIG-301 series products.

Omron Advisory #1 - Omron published an advisory that describes a free of pointer not at start of buffer vulnerability in their CX-One and Sysmac Studio products.

Omron Advisory #2 - Omron published an advisory that describes an out-of-bounds read vulnerability in their CX-Programmer product.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that describes an endpoint protection bypass vulnerability in their Cortex XDR agent.

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-534 - subscription required.
