Sunday, July 7, 2024

Review – Public ICS Disclosures – Week of 6-29-24 – Part 2

For Part 2 we have 22 additional vendor disclosures from SEL (4), Splunk (17), and VMware. There are also five updates from CODESYS, HPE (2), and Mitsubishi (2). Finally, we have three exploits for products from Deep Sea Electronics, Siemens, and Zyxel.

Advisories

SEL Advisory #1 - SEL published a version update notice for their SEL-5030 acSELerator QuickSet Software that reported that the new version included a cybersecurity enhancement from updating third-party components to ensure continuity of support.

SEL Advisory #2 - SEL published a version update notice for their SEL-5037 SEL Grid Configurator that reported that the new version included a cybersecurity enhancement from updating third-party components to ensure continuity of support.

SEL Advisory #3 - SEL published a version update notice for their SEL-5056 Software-Defined Network Flow Controller that reported that the new version included a cybersecurity improvement from updated OpenFlow communication processing.

SEL Advisory #4 - SEL published a version update notice for their Blueframe Flow Controller that reported that the new version included a cybersecurity improvement from updated OpenFlow communication processing.

Splunk Advisory #1 - Splunk published an advisory that discusses a remote code execution vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #2 - Splunk published an advisory that describes a NULL pointer dereference vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #3 - Splunk published an advisory that describes a command injection vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #4 - Splunk published an advisory that describes a deserialization of untrusted data vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #5 - Splunk published an advisory that describes a function call with incorrectly specified argument values vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #6 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #7 - Splunk published an advisory that describes an unrestricted upload of file with dangerous type vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #8 - Splunk published an advisory that describes an incorrectly compiled crypto library vulnerability in some of their Splunk Enterprise and Universal Forwarder products.

Splunk Advisory #9 - Splunk published an advisory that describes an infinite loop vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #10 - Splunk published an advisory that describes a path traversal vulnerability in their Enterprise products.

Splunk Advisory #11 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #12 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #13 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #14 - Splunk published an advisory that describes a missing authorization vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #15 - Splunk published an advisory that describes an observable response discrepancy vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #16 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #17 - Splunk published an advisory that discusses 23 vulnerabilities (11 with exploit code available) in their Enterprise product.

Splunk Advisory #18 - Splunk published an advisory that describes an improper access control vulnerability in their Web Bulletin Messages product.

VMware Advisory - Broadcom published an advisory that describes an HTML injection vulnerability in their VMware Cloud Director product.

Updates

CODESYS Update - CODESYS published an update for their OPC UA Stack advisory that was originally published on May 22, 2024 and most recently updated on June 5th, 2024.

HPE Update #1 - HPE published an update for their HPE Cray Servers advisory that was originally published on November 27th, 2023.

HPE Update #2 - HPE published an update for their Compute Scale-up Server 3200 advisory that was originally published on April 15th, 2024 and most recently updated on June 20th, 2024.

Mitsubishi Update #1 - Mitsubishi published an update for their MELSEC iQ-R, iQ-L Series advisory that was originally published on December 22nd, 2022 and most recently updated on May 30th, 2024.

Mitsubishi Update #2 - Mitsubishi published an update for their FA Engineering Software advisory that was originally published on September 19th, 2023.

Exploits

Deep Sea Electronics Exploit - LiquidWorm published an exploit for a missing authentication for critical function vulnerability in the Deep Sea Electronics DSE855 controller.

Siemens Exploit - SEC Consult Vulnerability Lab published an exploit for three vulnerabilities in the Siemens CP-8XXX products.

Zyxel Exploit - SSD Secure Disclosure published a Metasploit module for an OS command injection vulnerability in multiple Zyxel devices.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-f8e - subscription required.
