Saturday, August 24, 2024

Review – Public ICS Disclosures – Week of 8-17-24

This week we have eleven vendor disclosures from Bosch, Dassault Systèmes (3), HPE, Palo Alto Networks, Moxa, Panasonic, Rockwell, SonicWall, and Welotec. There are also three vendor updates from Cisco and HPE.

Advisories

Bosch Advisory - Bosch published an advisory that describes a missing authentication vulnerability in their CPP13 and CPP14 IP cameras.

Dassault Systèmes Advisory #1 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

Dassault Systèmes Advisory #2 – Dassault Systèmes published an advisory that describes a reflected cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator product.

Dassault Systèmes Advisory #3 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

HPE Advisory - HPE published an advisory that discusses nine vulnerabilities in their HPE SimpliVity AMD Servers.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses an exposure of sensitive information to an unauthorized actor vulnerability in OpenSSL.

Moxa Advisory - Moxa published an advisory that discusses the regreSSHion vulnerability. Moxa provides a list of the affected products.

Panasonic Advisory - Panasonic acknowledges a stack-based buffer overflow vulnerability in their Control FPWIN Pro product.

Rockwell Advisory - Rockwell published an advisory that describes three vulnerabilities in their ThinManager ThinServer product.

SonicWall Advisory - SonicWall published an advisory that describes an improper access control vulnerability in their SonicOS product.

Welotec Advisory - CERT-VDE published an advisory that discusses the regreSSHion vulnerability.

Updates

Cisco Update #1 - Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024 and most recently updated on August 2nd, 2024.

Cisco Update #2 - Cisco published an update for their Blast-Radius advisory that was originally published on July 10th, 2024, and most recently updated on August 9th, 2024.

HPE Update - HPE published an update for their ProLiant DL/ML/XL, Synergy, MicroServer, and Edgeline Servers advisory that was originally published on August 13th, 2024.

For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-e17 - subscription required. 
