For Part 2 we have two more vendor disclosures from WatchGuard (2). There are also 23 vendor updates from Hitachi Energy, HP (2), HPE (19), and Moxa. Finally, we have four researcher reports describing vulnerabilities in products from Emerson, Plug&Track, Siemens, and TP-Link.
Advisories
WatchGuard Advisory #1 - WatchGuard published an advisory that describes a privilege escalation vulnerability in their Mobile VPN product.
WatchGuard Advisory #2 - WatchGuard published an advisory that describes a buffer overflow vulnerability in their Fireware OS product.
Updates
Hitachi Energy Update - Hitachi Energy published an update for their IEDConnectivity Packages advisory that was originally published on November 15th, 2022.
HP Update #1 - HP published an update for their AMD SPI Lock Bypass advisory that was originally published on June 11th, 2024 and most recently updated on June 18th, 2024.
HP Update #2 - HP published an update for their Plantronics Hub advisory that was originally published on December 20th, 2023 and most recently updated on May 10th, 2024.
HPE Updates - HPE continued updating older Aruba advisories to their HPE format, updating 19 advisories this week.
Moxa Advisory - Moxa published an update for their AWK-3131A Series advisory that was originally published on February 24th, 2020 and most recently updated on June 3rd, 2020.
Researcher Reports
Emerson Report - Claroty published a report describing four vulnerabilities in the Emerson Rosemount 370XA gas chromatograph.
Plug&Track Report - Nozomi Networks published a report that describes seven vulnerabilities in products from Plug&Track.
Siemens Report - SEC Consult published a report describing three vulnerabilities in the Siemens CP-8XXX Power Automation Products.
TP-Link Report - Talos Intelligence published a report that describes an active debug code vulnerability in the TP-Link ER7206 Omada Gigabit VPN Router.
For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-746 - subscription required.