Saturday, December 28, 2024

Review – Public ICS Disclosures – Week of 12-21-24

This week we have three vendor disclosures from Hitachi, Palo Alto Networks, and Philips. We also have six researcher reports for vulnerabilities in products from ABB (5) and HMS.

Advisories

Hitachi Advisory - Hitachi published an advisory that discusses 29 vulnerabilities in their Disk Array Systems.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in multiple Palo Alto Networks products.

Philips Advisory - Philips published an advisory that discusses the Apache Struts unrestricted upload of file with dangerous type vulnerability.

Researcher Reports

ABB Reports - Zero Science published five reports about vulnerabilities (all with publicly available exploits) in the ABB Cylon Aspect building energy management product.

HMS Report - CyberDanube published a report that describes a code injection vulnerability (with publicly available exploit) in the HMS Ewon Flexy 205.

 

For more information on these vulnerabilities, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-136 - subscription required.
