Review – Public ICS Disclosures – Week of 11-9-24 – Part 3

A delayed completion of my review of last weeks control system cybersecurity disclosures. For Part 3 we have 28 vendor updates from Broadcom (4), FortiGuard (2), HPE (6), Palo Alto Networks, Schneider (2), and Siemens (13).

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on September 26^th, 2024.

Broadcom Update #2 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 14^th, 2024.

Broadcom Update #3 - Broadcom published an update for their Oracle Critical Patch advisory that was originally published on November 2^nd, 2024.

Broadcom Update #4 - Broadcom published an update for their Azul Zulu Java advisory that was originally published on November 2^nd, 2024.

FortiGuard Update #1 - FortiGuard published an advisory for their regreSSHion vulnerability advisory that was originally published on July 9^th, 2024, and most recently updated on October 16^th, 2024.

FortiGuard Update #2 - FortiGuard published an advisory for their missing authentication in fgfmsd advisory that was originally published on October 23^rd, 2024, and most recently updated on November 7^th, 2024.

HPE Update #1 - HPE published an update for their ProLiant DL/ML/XL, Alletra, Synergy, and Edgeline Servers advisory that was originally published on September 12^th, 2024.

HPE Update #2 - HPE published an update for their ProLiant DL/ML/XL, Alletra, Synergy, and Edgeline Servers advisory that was originally published on September 12^th, 2024.

HPE Update #3 - HPE published an update for their StoreEasy Servers advisory that was originally published on September 19^th, 2024.

HPE Update #4 - HPE published an update for their StoreEasy Servers advisory that was originally published on September 13^th, 2024.

HPE Update #5 - HPE published an update for their StoreEasy Servers advisory that was originally published on September 13^th, 2024.

HPE Updated #6 - HPE published an update for their ProLiant DL/ML/XL, Alletra, Edgeline, MicroServer and Synergy Servers advisory that was originally published on September 16^th, 2024, and most recently updated on September 25^th, 2024.

Palo Alto Networks Advisory - Palo Alto Networks published an update for their Management Web Interface advisory that was originally published on November 8^th, 2024, and most recently updated on November 10^th, 2024.

Schneider Update #1 - Schneider published an update for their PowerLogic PM5500 advisory that was originally published on June 8^th, 2021.

Schneider Update #2 - Schneider published an update for their BadAlloc advisory that was originally published on November 9^th, 2021, and most recently updated on September 10^th, 2024.

Siemens Update #1 - Siemens published an update for their Industrial Products advisory that was originally published on May 14^th, 2024, and most recently updated on October 8^th, 2024.

Siemens Update #2 - Siemens published an update for their n SIMATIC WinCC advisory that was originally published on July 9^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #3 - Siemens published an update for their SIMATIC S7-1500 advisory that was originally published on October 8^th, 2024.

Siemens Update #4 - Siemens published an update for their RADIUS Protocol advisory that was originally published on July 9^th, 2024, and most recently updated on July 22^nd, 2024.

Siemens Update #5 - Siemens published an update for their Socket.IO advisory that was originally published on September 10^th, 2024.

Siemens Update #6 - Siemens published an update for their SIMATIC SCADA advisory that was originally published on September 10^th, 2024, and most recently updated on October 8^th, 2024.

Siemens Update #7 - Siemens published an update for their Profinet Devices advisory that was originally published on July 13^th, 2021, and most recently updated on June 11^th, 2024.

Siemens Update #8 - Siemens published an update for their l GNU/Linux subsystem advisory that was originally published on December 12^th, 2023, and most recently updated on October 8^th, 2024.

Siemens Update #9 - Siemens published an update for their Palo Alto Networks advisory that was originally published on July 9^th, 2024, and most recently updated on October 8^th, 2024.

Siemens Update #10 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on April 9^th, 2024, and most recently updated on July 9^th, 2024.

Siemens Update #11 - Siemens published an update for their Mendix Runtime advisory that was originally published on September 10^th, 2024, and most recently updated on October 10^th, 2024.

Siemens Update #12 - Siemens published an update for their SIMATIC S7-1500 CPUs advisory that was originally published on October 8^th, 2024.

Siemens Update #13 - Siemens published an update for their User Management Component advisory that was originally published on September 10^th, 2024, and most recently updated on October 8^th, 2024.

 

For more information on these updates, including brief description of the recent changes, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-db2 - subscription required.