Saturday, June 29, 2024

Review – Public ICS Disclosures – Week of 6-22-24 – Part 2

For Part 2 we have two more vendor disclosures from WatchGuard (2). There are also 23 vendor updates from Hitachi Energy, HP (2), HPE (19), and Moxa. Finally, we have four researcher reports describing vulnerabilities in products from Emerson, Plug&Track, Siemens, and TP-Link.

Advisories

WatchGuard Advisory #1 - WatchGuard published an advisory that describes a privilege escalation vulnerability in their Mobile VPN product.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a buffer overflow vulnerability in their Fireware OS product.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their IEDConnectivity Packages advisory that was originally published on November 15th, 2022.

HP Update #1 - HP published an update for their AMD SPI Lock Bypass advisory that was originally published on June 11th, 2024 and most recently updated on June 18th, 2024.

HP Update #2 - HP published an update for their Plantronics Hub advisory that was originally published on December 20th, 2023 and most recently updated on May 10th, 2024.

HPE Updates - HPE continued updating older Aruba advisories to their HPE format, updating 19 advisories this week.

Moxa Update - Moxa published an update for their AWK-3131A Series advisory that was originally published on February 24th, 2020 and most recently updated on June 3rd, 2020.

Researcher Reports

Emerson Report - Claroty published a report describing four vulnerabilities in the Emerson Rosemount 370XA gas chromatograph.

Plug&Track Report - Nozomi Networks published a report that describes seven vulnerabilities in products from Plug&Track.

Siemens Report - SEC Consult published a report describing three vulnerabilities in the Siemens CP-8XXX Power Automation Products.

TP-Link Report - Talos Intelligence published a report that describes an active debug code vulnerability in the TP-Link ER7206 Omada Gigabit VPN Router.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-746 - subscription required.
