Saturday, June 29, 2024

Review – Public ICS Disclosures – Week of 6-22-24 – Part 1

This week we have 18 vendor disclosures from ABB, Hitachi (3), Hitachi Energy, Honeywell, HP (5), HPE, Moxa, Rockwell, and VMware (3).

Advisories

ABB Advisory - ABB published an advisory that discusses an untrusted search path vulnerability in their PCM600 Installer product.

Hitachi Advisory #1 - Hitachi published an advisory that discusses two vulnerabilities in their Storage Provider for VMware vCenter product.

Hitachi Advisory #2 - Hitachi published an advisory that describes an incorrect default permissions vulnerability in their Storage Provider for VMware vCenter.

Hitachi Advisory #3 - Hitachi published an advisory that discusses 36 vulnerabilities in their Disk Array products.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses four vulnerabilities in their AFS/AFR series products.

Honeywell Advisory - Honeywell published an advisory that discusses an uncontrolled search path vulnerability in their MAXPRO NVR Computer.

HP Advisory #1 - HP published an advisory that discusses the Zenbleed vulnerability in their AMD Client UEFI.

HP Advisory #2 - HP published an advisory that describes a TOCTOU vulnerability in their PC BIOS products.

HP Advisory #3 - HP published an advisory that describes three vulnerabilities in multiple HP PC products.

HP Advisory #4 - HP published an advisory that discusses the LogoFAIL vulnerabilities in multiple PC BIOS products.

HP Advisory #5 - HP published an advisory that discusses an uncontrolled search path element vulnerability in multiple HP PC products.

HPE Advisory #1 - HPE published an advisory that discusses ten vulnerabilities in their ProLiant DL/XL Servers and Cray Supercomputer products.

HPE Advisory #2 - HPE published an advisory that describes a code injection vulnerability in their Athonet Mobile Core.

Moxa Advisory - Moxa published an advisory that describes three vulnerabilities in their EDS-405A/408A Series products.

Rockwell Advisory - Rockwell published an advisory that describes three improper input validation vulnerabilities in their ThinManager ThinServer product.

VMware Advisory #1 - Broadcom published an advisory that describes three vulnerabilities in their ESXi and vCenter Server products.

VMware Advisory #2 - Broadcom published an advisory that describes an improper privilege management vulnerability in their Cloud Director product.

VMware Advisory #3 - Broadcom published an advisory that describes an insertion of sensitive information vulnerability in their Cloud Director Object Storage Extension.


For more information on these disclosures, including 3rd party reports, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-601 - subscription required.
