This week we have 18 vendor disclosures from Bosch, Broadcom, B&R, Carrier, Hitachi (11), HPE (2), and SEL. There are also seven vendor updates from Broadcom (3), Cisco (2), HPE, and VMware. Finally, we have four researcher reports about vulnerabilities in products from Johnson Controls, Korenix, PLANET Technology, and Unitronics.
Advisories
Bosch Advisory - Bosch published an advisory that discusses four vulnerabilities (all with available exploits) in their DIVAR IP all-in-one Devices.
Broadcom Advisory - Broadcom published an advisory that discusses 22 vulnerabilities (11 with publicly available exploits) in their Brocade ASCG.
B&R Advisory - B&R published an advisory that discusses six vulnerabilities in their Automation Runtime product.
Carrier Advisory - Carrier published an advisory that discusses a supply chain attack that affected their LenelS2 NetBox products.
Hitachi Advisory #1 - Hitachi published an advisory that discusses an HTTP request/response smuggling vulnerability in their Cosminexus product.
Hitachi Advisory #2 - Hitachi published an advisory that discusses an incomplete cleanup vulnerability in their Automation Director, Infrastructure Analytics Advisor and Ops Center products.
Hitachi Advisory #3 - Hitachi published an advisory that describes an unquoted search path vulnerability in their Device Manager.
Hitachi Advisory #4 - Hitachi published an advisory that discusses six vulnerabilities (including three with publicly available exploits) in their Ops Center Analyzer viewpoint and Ops Center Viewpoint products.
Hitachi Advisory #5 - Hitachi published an advisory that discusses two vulnerabilities (one with publicly available exploits) in their Configuration Manager and Ops Center API Configuration Manager products.
Hitachi Advisory #6 - Hitachi published an advisory that discusses an XMM register corruption vulnerability in their Configuration Manager and Ops Center API Configuration Manager products.
Hitachi Advisory #7 - Hitachi published an advisory that discusses the Terrapin Attack vulnerability.
Hitachi Advisory #8 - Hitachi published an advisory that describes an EL injection vulnerability in their Tuning Manager product.
Hitachi Advisory #9 - Hitachi published an advisory that discusses six vulnerabilities in their Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java products.
Hitachi Advisory #10 - Hitachi published an advisory that discusses six vulnerabilities in multiple products.
Hitachi Advisory #11 - Hitachi published an advisory that discusses 71 vulnerabilities in their Disk Array Systems.
HPE Advisory #1 - HPE published an advisory that describes an SMM lock bypass vulnerability in their ProLiant AMD Servers.
HPE Advisory #2 - HPE published an advisory that discusses the regreSSHion vulnerability. HPE reports that their Athonet products are affected.
SEL Advisory - SEL published a version update notice for their Compass product that reports that the new version includes cybersecurity enhancements.
Updates
Broadcom Update #1 - Broadcom published an update for their Privilege escalation using switch commands advisory that was originally published on September 13th, 2022 and most recently updated on September 20th, 2022.
Broadcom Update #2 - Broadcom published an update for their libxml2 advisory that was originally published on July 30th, 2024.
Cisco Update #1 - Cisco published an update for their Blast-Radius advisory that was originally published on July 10th, 2024 and most recently updated on August 2nd, 2024.
Cisco Update #2 - Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024 and most recently updated on July 26th, 2024.
HPE Update - HPE published an update for their Fiber Channel and SAN Switches advisory that was originally published on August 1st, 2024.
VMware Update - Broadcom published an update for their VMware Workspace ONE advisory that was originally published on April 6th, 2024.
Researcher Reports
Johnson Controls Report - Nozomi Networks published a report describing five vulnerabilities in Johnson Controls' exacqVision Web Service.
Korenix Report - CyberDanube published a report that describes three vulnerabilities in the Korenix JetPort Ethernet switch. An exploit was also published for the three vulnerabilities.
Planet Technology Report - IOActive published a report that describes three vulnerabilities in the PLANET IGS-4215-16T2S switch.
Unitronics Report - Claroty published a report that describes two vulnerabilities in Unitronics PLCs/HMI that have been exploited in the wild.
For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-bbf - subscription required.