This is a moderately busy disclosure week. For Part 1 we have 12 vendor disclosures from Elecom, FortiGuard, GE Vernova, Helmholz (2), Hitachi Energy (4), HP, Lenze, and Siemens.
Advisories
Elecom Advisory - JP-CERT published an advisory that describes five vulnerabilities in multiple Elecom wireless LAN routers.
FortiGuard Advisory - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in multiple FortiGuard products.
GE Vernova Advisory - GE published an advisory that discusses an authentication bypass using an alternate path or channel vulnerability in their Control Server OTArmor.
Helmholz Advisory #1 - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the Helmholz myREX-24 products.
Helmholz Advisory #2 - CERT-VDE published an advisory that describes two vulnerabilities in the myREX-24 products.
Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes an allocation of resources without limits or throttling in their Relion 670/650 and SAM600-IO series products.
Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes five vulnerabilities in their MicroSCADA X SYS600 product.
Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses a cross-site scripting vulnerability (with publicly available exploit) in their MSM product.
Hitachi Energy Advisory #4 - Hitachi Energy published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their Relion 670/650 and SAM600-IO series products.
HP Advisory - HP published an advisory that discusses an out-of-bounds write vulnerability in their Poly Trio & CCX Devices.
Lenze Advisory - CERT-VDE published an advisory that describes a clear-text storage of sensitive information vulnerability in the Lenze PLC Designer V4.
Siemens Advisory - Siemens published an advisory that describes a problem (not a vulnerability) with how their SIMATIC PCS 7 and SIMATIC PCS neo products react with Microsoft Defender Antivirus.
For more information on these disclosures, including links to third-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-85b - subscription required.