Sunday, October 20, 2024

Review – Public ICS Disclosures – Week of 10-12-24 – Part 2

For Part 2 we have 18 additional vendor disclosures from Moxa, SEL (2), Splunk (13), TAI Smart Factory, and VMware. There are also four vendor updates from FortiGuard (2), Mitsubishi Electric, and Palo Alto Networks, and two researcher reports for vulnerabilities in products from ABB and Rittal. Finally, we have an exploit for products from WatchGuard.

Advisories

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their Cellular Routers, Secure Routers, and Network Security Appliances.

SEL Advisory #1 - SEL published a new version notice that describes cybersecurity enhancements for their SEL-5703 Synchrowave Monitoring product.

SEL Advisory #2 - SEL published a new version notice that describes cybersecurity enhancements for their SEL-5702 Synchrowave Operations product.

Splunk Advisory #1 - Splunk published an advisory that describes an arbitrary file write vulnerability in their Enterprise for Windows product.

Splunk Advisory #2 - Splunk published an advisory that describes a missing authorization vulnerability in their SplunkDeploymentServerConfig app.

Splunk Advisory #3 - Splunk published an advisory that describes a deserialization of untrusted data vulnerability in their Enterprise on Windows product.

Splunk Advisory #4 - Splunk published an advisory that describes an improper access control vulnerability in their Classic Dashboard product.

Splunk Advisory #5 - Splunk published an advisory that describes an improper access control vulnerability in their Secure Gateway App.

Splunk Advisory #6 - Splunk published an advisory that describes an uncontrolled resource consumption vulnerability in their Daemon product.

Splunk Advisory #7 - Splunk published an advisory that describes a cross-site request forgery vulnerability in their Enterprise and Cloud Platform products.

Splunk Advisory #8 - Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Enterprise product.

Splunk Advisory #9 - Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Enterprise product.

Splunk Advisory #10 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise product.

Splunk Advisory #11 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise product.

Splunk Advisory #12 - Splunk published an advisory that discusses 68 vulnerabilities in their Enterprise product.

Splunk Advisory #13 - Splunk published an advisory that discusses four vulnerabilities (one with a publicly available exploit) in their Add-on for Office 365 product.

TAI Advisory - Incibe-CERT published an advisory that describes an SQL injection vulnerability in TAI Smart Factory's QPLANT plant data management product.

VMware Advisory - Broadcom published an advisory that describes an SQL injection vulnerability in their HCX product.

Updates

FortiGuard Update #1 - FortiGuard published an update for their regreSSHion advisory that was originally published on July 9th, 2024, and most recently updated on September 11th, 2024.

FortiGuard Update #2 - FortiGuard published an update for their Format String Bug advisory that was originally published on February 8th, 2024, and most recently updated on October 11th, 2024.

Mitsubishi Update - Mitsubishi published an update for their GENESIS64 advisory that was originally published on June 27th, 2024.

Palo Alto Networks Update - Palo Alto Networks published an update for their Firewall Denial of Service advisory that was originally published on October 9th, 2024.

Researcher Reports

ABB Reports - Zero Science published five reports about individual vulnerabilities (with publicly available exploits) in the ABB Cylon Aspect building management product.

Rittal Report - SEC Consult published a report that describes three vulnerabilities in the Rittal IoT Interface & CMC III Processing Unit.

Exploits

WatchGuard Exploit - Indoushka published an exploit for a buffer overflow vulnerability in the WatchGuard XTM Firebox.

 

For more information on these disclosures, including links to third-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-7cf - subscription required.
