This week we have eight vendor disclosures about the Blast-RADIUS and RegreSSHion vulnerabilities. We have 25 additional vendor disclosures from BD, FortiGuard (3), Hitachi, Moxa, OPC Foundation, Palo Alto Networks (5), Pepperl+Fuchs (2), Philips, Schneider (4), SEL, and VMware (7).
Blast-RADIUS Advisories
Cisco published an advisory that provides a list of products currently under review as being potentially affected.
HPE published an advisory that provides a list of Aruba Networking products affected.
Palo Alto Networks published an advisory that provides a list of affected products and provides workarounds.
WatchGuard published an advisory that provides a list of products that they are investigating with regard to this vulnerability.
RegreSSHion Advisories
Cisco published an update that updated the lists of affected products, unaffected products, and products currently under review.
HMS published an advisory that provides a list of affected products and reports that: “All servers have been updated on 10/07/2024. No further actions are needed.”
Philips published an advisory that reports that none of their products are affected.
Synology published an advisory that reports that none of their products are affected.
Advisories
BD Advisory - BD published an advisory that discusses an improper privilege management vulnerability in multiple BD products.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiExtender authentication component.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes an incorrect parsing of numbers with different radices vulnerability in their FortiOS and FortiProxy IP address validation feature.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiOS and FortiProxy web SSL VPN UI.
Hitachi Advisory - Hitachi published an advisory that discusses 70 vulnerabilities in their Disk Array Systems. These are third-party (Microsoft) vulnerabilities.
Moxa Advisory - Moxa published an advisory that discusses a use after free vulnerability (that is listed in CISA’s Known Exploited Vulnerabilities Catalog) in multiple Moxa products.
OPC Foundation - The OPC Foundation published an advisory that describes an allocation of resources without limits or throttling vulnerability in their UA-.NETStandard product.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a hard-coded password vulnerability in their Expedition VM product.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes an improper input validation vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an improper verification of cryptographic signature vulnerability in their Cortex XDR Agent.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an unrestricted upload of file with dangerous type vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes a missing authentication for critical function vulnerability in the Network Expedition product.
Pepperl+Fuchs Advisory #1 - CERT-VDE published an advisory that discusses a use after free vulnerability in their Smart-Ex 02 and Smart-Ex 03 products.
Pepperl+Fuchs Advisory #2 - CERT-VDE published an advisory that describes two vulnerabilities in the Pepperl+Fuchs OIT-XXXX products.
Philips Advisory - Philips published an advisory that discusses a TeamViewer vulnerability. Philips reports that none of their products are affected.
Schneider Advisory #1 - Schneider published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Wiser Home Controller WHC-5918A.
Schneider Advisory #2 - Schneider published an advisory that describes three vulnerabilities in their Foxboro DCS Core Control Services.
Schneider Advisory #3 - Schneider published an advisory that describes a path traversal vulnerability in their EcoStruxure Foxboro SCADA FoxRTU Station.
Schneider Advisory #4 - Schneider published an advisory that describes a cross-site scripting vulnerability in their Modicon Controllers.
SEL Advisory - SEL published a new version notice for their SEL-5052 Server Software that includes descriptions of cybersecurity fixes.
VMware Advisory #1 - Broadcom published an advisory that describes an SQL injection vulnerability in the VMware Aria Automation product.
VMware Advisories #2 through #7 - Broadcom re-published six VMware advisories in the Broadcom format.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-c55 - subscription required.