Showing posts with label CONTEC. Show all posts

Saturday, July 5, 2025

Review – Public ICS Disclosures – Week of 7-28-25 – Part 1

This week we have 11 vendor disclosures from ABB, Contec, Delta Electronics, Endress+Hauser, HP (2), HPE, ifm, and Pilz (3).

Advisories

ABB Advisory - ABB published an advisory that describes four vulnerabilities in their web UI REST Interface.

Contec Advisory - Contec published an advisory that describes two vulnerabilities in their CONPROSYS HMI System.

Delta Advisory - Delta published an advisory that describes two deserialization of untrusted data vulnerabilities in their DTM Soft products.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses 19 vulnerabilities in the Endress+Hauser MEAC300-FNADE4.

HP Advisory #1 - HP published an advisory that describes a stack-based buffer overflow vulnerability in their Universal Print Driver.

HP Advisory #2 - HP published an advisory that discusses 46 vulnerabilities in their Device Manager.

HPE Advisory - HPE published an advisory that discusses a server-side request forgery vulnerability in their Telco Service Orchestrator software.

Ifm Advisory - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the ifm Smart PLC AC4xxS.

Pilz Advisory #1 - CERT-VDE published an advisory that describes an incorrect type conversion or cast vulnerability in the Pilz IndustrialPI 4 with IndustrialPI webstatus.

Pilz Advisory #2 - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the Pilz IndustrialPI 4 with Firmware Bullseye.

Pilz Advisory #3 - CERT-VDE published an advisory that discusses an authentication bypass by primary weakness vulnerability in the Pilz Software PiCtory.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-cff - subscription required.

Tuesday, February 25, 2025

Review – One Advisory and One Update Published – 2-25-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell Automation. They also updated a medical device security advisory for products from Contec.

Advisories

Rockwell Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the Rockwell PowerFlex 755 drives.

Updates

Contec Update - This update provides additional information on the Contec Health CMS8000 Patient Monitor advisory that was originally published on January 30th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/one-advisory-and-one-update-published-053 - subscription required.

Thursday, January 30, 2025

Review – 6 Advisories and 2 Updates Published – 1-30-25

Today CISA’s NCCIC-ICS published five control system security advisories for products from Rockwell Automation (2), Schneider Electric, New Rock Technologies, and Hitachi Energy. They also published a medical device security advisory and an update for products from Contec Health. They also published a control system update for products from Mitsubishi.

Advisories

Rockwell Advisory #1 - This advisory describes three vulnerabilities in the Rockwell FactoryTalk AssetCentre.

Rockwell Advisory #2 - This advisory discusses an uncontrolled resource consumption vulnerability in the Rockwell KEPServerEX.

Schneider Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider Harmony Industrial PC and Pro-face Industrial PC.

New Rock Advisory - This advisory describes two vulnerabilities in the New Rock Cloud Connected Devices.

Hitachi Energy Advisory - This advisory describes eight vulnerabilities in the Hitachi Energy UNEM product.

Contec Advisory - This advisory describes three vulnerabilities in the Contec CMS8000 Patient Monitor.

NOTE: CISA published a stand-alone fact sheet on the backdoor vulnerability described in this advisory. The FDA published a Safety Communication about the reported vulnerabilities.

Updates

Contec Update - This update provides additional information on the CMS8000 Patient Monitor advisory that was originally published on September 1st, 2022.

Mitsubishi Update - This update provides additional information on the FA Engineering Software Products advisory that was originally published on May 14th, 2024, and most recently updated on October 31st, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the KEPServerEX vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-56f - subscription required.

Saturday, April 20, 2024

Review – Public ICS Disclosures – Week of 4-13-24

This week we have nine vendor disclosures from Hitachi, HPE (4), Peplink, Philips, and Rockwell (2). There are also five vendor updates from B&R (2), Contec, HPE, and Palo Alto Networks. We also have eleven researcher reports about vulnerabilities in products from Elber (10) and Silicon Labs. Finally, we have two exploits for products from Palo Alto Networks.

NOTE: HP reports that they have an update for their NVIDIA GPU Display Driver advisory that was originally published on March 12th, 2024, but the link currently goes to a blank page.

Advisories

Hitachi Advisory - Hitachi published an advisory that discusses an allocation of resources without limit or throttling vulnerability in their JP1 product.

HPE Advisory #1 - HPE published an advisory that discusses an out-of-bounds write vulnerability in their Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers.

HPE Advisory #2 - HPE published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in their Compute Scale-up Server 3200 server.

HPE Advisory #3 - HPE published an advisory that discusses five vulnerabilities (three with exploits available) in their Telco IP Mediation E-Media product.

HPE Advisory #4 - HPE published an advisory that describes an insertion of sensitive information into a logfile vulnerability in their Compute Scale-up Server 3200 Server.

Peplink Advisory - Peplink published an advisory that describes five vulnerabilities in their Smart Reader access control product.

Philips Advisory - Philips published an advisory that discusses a CISA report of a compromise of Sisense Customer Data.

Rockwell Advisory #1 - Rockwell published an advisory that describes an improper input validation vulnerability in their 5015-AENFTXT product.

Rockwell Advisory #2 - Rockwell published an advisory that discusses a deserialization of untrusted data vulnerability {listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog} in their FactoryTalk Production Centre product.

Updates

B&R Update #1 - B&R published an update for their Docker Engine advisory that was originally published on April 10th, 2024.

B&R Update #2 - B&R published an update for their LOGO Fail advisory that was originally published on April 11th, 2024.

Contec Update - JP-CERT published an update for their SolarView Compact advisory that was originally published on June 9th, 2022 and most recently updated on February 10th, 2023.

HPE Update - HPE published an update for their Superdome Flex advisory that was originally published on January 23rd, 2024 and most recently updated on March 8th, 2024.

Palo Alto Networks Update - Palo Alto Networks published an update for their PAN OS command injection advisory that was originally published on March 12th, 2024.

Researcher Reports

Elber Report #1 - Zero Science published two reports of vulnerabilities in the Elber Signum DVB-S/S2 controller for satellite equipment.

Elber Report #2 - Zero Science published two reports of vulnerabilities in the Elber Cleber/3 Broadcast Multi-Purpose Platform.

Elber Report #3 - Zero Science published two reports of vulnerabilities in the Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link.

Elber Report #4 - Zero Science published two reports of vulnerabilities in the Elber DVB-S/S2 Satellite Receiver.

Elber Report #5 - Zero Science published two reports of vulnerabilities in the Elber Wayber Analog/Digital Audio STL.

Silicon Labs Report - Talos published a report about a NULL pointer dereference vulnerability in the Silicon Labs Gecko Platform software design kit.

Exploits

Palo Alto Networks Exploit #1 - H4x0r-dz published an exploit for a command injection vulnerability in the Palo Alto Networks PAN-OS.

Palo Alto Networks Exploit #2 - W01fh4cker published an exploit for a command injection vulnerability in the Palo Alto Networks PAN-OS.

 

For more details about these disclosures, including links to researcher reports, 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-ac1 - subscription required.

Saturday, June 3, 2023

Review – Public ICS Disclosure – Week of 5-27-23

This week we have 31 vendor disclosures from BD, Bosch, B&R, Contec, Eaton, Fuji Electric, Hitachi Energy (2), HPE (3), Mitsubishi, Splunk (15), VMware, and Zyxel (3). There are also four vendor updates from HPE (2) and Moxa (2). We also have 40 researcher reports for vulnerabilities for products from Delta Electronics (22), Fatek Automation (11), Mitsubishi, and Unified Automation (6). Finally, we have an exploit for products from Seagate.

Advisories

BD Advisory - BD published an advisory that discusses a buffer underflow vulnerability in some of their Kiestra products.

Bosch Advisory - Bosch published an advisory that describes a chip damaging vulnerability in their CPP13 and CPP14 cameras.

B&R Advisory - B&R published an advisory that discusses an abuse of service location protocol vulnerability in their ARPOL product.

Contec Advisory - Contec published an advisory that describes seven vulnerabilities in their CONPROSYS HMI System.

Eaton Advisory - Eaton published an advisory that describes a group access authorization logic vulnerability in their SecureConnect portal.

Fuji Electric Advisory - JP CERT published an advisory that describes three vulnerabilities in the Fuji Electric FRENIC RHC Loader.

Hitachi Energy Advisory #1 - Hitachi published an advisory that describes an improper output neutralization for logs vulnerability in their UNEM product.

Hitachi Energy Advisory #2 - Hitachi published an advisory that describes an improper output neutralization for logs vulnerability in their FOXMAN-UN product.

HPE Advisory #1 - HPE published an advisory that describes an arbitrary code execution vulnerability in their Smart Storage Administrator (SSA) Offline product.

HPE Advisory #2 - HPE published an advisory that discusses four vulnerabilities in their HP-UX BIND product.

HPE Advisory #3 - HPE published an advisory that describes a denial of service vulnerability in their HP-UX IPv6 Stack.

Mitsubishi Advisory - Mitsubishi published an advisory that describes four vulnerabilities in their MELSEC iQ-R Series/iQ-F Series EtherNet/IP modules and EtherNet/IP configuration tools.

Splunk Advisories 1-3 - Splunk published three advisories for product updates for third party vulnerabilities.

Splunk Advisories 4-15 - Splunk published 12 advisories for individual vulnerabilities in multiple products.

VMware Advisory - VMware published an advisory that describes an insecure redirect vulnerability in their Workspace ONE Access and Identity Manager products.

Zyxel Advisory #1 - Zyxel published an advisory that describes two classic buffer overflow vulnerabilities in their firewalls.

Zyxel Advisory #2 - Zyxel published an advisory that describes an OS command injection vulnerability in some of their NAS versions.

Zyxel Advisory #3 - Zyxel published an advisory that discusses recent attacks on their ZyWALL devices.

Updates

HPE Update #1 - HPE published an update for their StoreEasy Servers advisory that was originally published on February 14th, 2023 and most recently updated on March 23rd, 2023.

HPE Update #2 - HPE published an update for their OneView advisory that was originally published on February 6th, 2023.

Moxa Update #1 - Moxa published an update for their MXsecurity advisory that was originally published on March 8th, 2023 and most recently updated on May 23rd, 2023.

Moxa Update #2 - Moxa published an update for their Arm-based Computer advisory that was originally published on November 22nd, 2022.

Researcher Reports

Delta Electronics Reports - ZDI published 22 reports about individual vulnerabilities in the Delta CNCSoft-B product.

Fatek Reports - ZDI published eleven reports about individual vulnerabilities in the Fatek FvDesigner.

Mitsubishi Report - Talos Intelligence published a report describing a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U MELSOFT.

Unified Automation Report #1 - Claroty published a report that describes an object validation vulnerability in the Unified Automation UaGateway.

Unified Automation Reports #2-6 - ZDI published five reports describing vulnerabilities in the Unified Automation UaGateway.

Exploits

Seagate Exploit - Ege Balci published a Metasploit module for an OS command injection vulnerability in the Seagate Central External NAS Storage device.


For more details about these disclosures, including links to researcher reports and exploits, as well as a brief description of new information in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-5-27 - subscription required.


Saturday, May 13, 2023

Review – Public ICS Disclosures – Week of 5-6-23 – Part 1

For Part 1 this week we have 34 vendor disclosures from Ads-Tec, Aruba, CONTEC, Fujitsu, HP (5), HPE (7), Insyde (2), Milestone (2), Palo Alto Networks (2), Rockwell (2), Tanzu (7), Texas Instruments, VMware, and WatchGuard.

Advisories

Ads-Tec Advisory - CERT-VDE published an advisory that discusses 18 vulnerabilities in the ads-tec IRF1000, IRF2000, and IRF3000 firewalls and routers.

Aruba Advisory - Aruba published an advisory that describes 13 vulnerabilities in their Access Points product.

CONTEC Advisory - JP-CERT published an advisory that describes five vulnerabilities in the CONTEC SolarView Compact product.

Fujitsu Advisory - Fujitsu published an advisory that discusses two vulnerabilities addressed in the 2023.2 INTEL Platform Update.

HP Advisory #1 - HP published an advisory that discusses 18 vulnerabilities in their products utilizing the AMD Client UEFI Firmware.

HP Advisory #2 - HP published an advisory that discusses four vulnerabilities in their products utilizing the Intel Virtual RAID on CPU.

HP Advisory #3 - HP published an advisory that discusses two vulnerabilities in their products utilizing the Intel 2023.2 IPU – BIOS.

HP Advisory #4 - HP published an advisory that discusses two vulnerabilities in their PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware.

HPE Advisory #1 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Proliant DX Servers.

HPE Advisory #2 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Apollo, XL Servers.

HPE Advisory #3 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Synergy Servers.

HPE Advisory #4 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their StoreEasy Servers.

HPE Advisory #5 - HPE published an advisory that discusses 15 vulnerabilities in their ProLiant Gen10 and Gen10 Plus Servers.

HPE Advisory #6 - HPE published an advisory that discusses two vulnerabilities in their ProLiant DL/ML Servers.

HPE Advisory #7 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Superdome Flex Servers.

Insyde Advisory #1 - Insyde published an advisory that discusses an unchecked return value vulnerability in their BIOS PNG decoder libs.

Insyde Advisory #2 - Insyde published an advisory that describes an insufficient input validation vulnerability in various Intel Mobile Platforms.

Milestone Advisory #1 - Milestone published an advisory that describes a remote code execution vulnerability in their Management Server.

Milestone Advisory #2 - Milestone published an advisory that describes a remote code execution vulnerability in their Event Server.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a file disclosure vulnerability in their PAN-OS. The vulnerability was reported by Alex Hordijk.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS software on Panorama appliances.

Rockwell Advisory #1 - Rockwell published an advisory that describes nine cross-site scripting vulnerabilities in their ArmorStart® ST 281E and 284EE products.

Rockwell Advisory #2 - Rockwell published an advisory that describes a cross-site request forgery vulnerability in their FactoryTalk Vantagepoint product.

Tanzu Advisory #1 - Tanzu published an advisory that discusses an out-of-bounds write vulnerability in multiple Tanzu products.

Tanzu Advisory #2 - Tanzu published an advisory that discusses an off-by-one error vulnerability in multiple Tanzu products.

Tanzu Advisory #3 - Tanzu published an advisory that discusses an off-by-one error vulnerability in multiple Tanzu products.

Tanzu Advisory #4 - Tanzu published an advisory that discusses four vulnerabilities in multiple Tanzu products.

Tanzu Advisory #5 - Tanzu published an advisory that discusses a use of cryptographically weak PRNG vulnerability in multiple Tanzu products.

Tanzu Advisory #6 - Tanzu published an advisory that discusses six vulnerabilities in multiple Tanzu products.

Tanzu Advisory #7 - Tanzu published an advisory that discusses two vulnerabilities in multiple Tanzu products.

Texas Instruments Advisory - Texas Instruments published an advisory that describes a missing logic check vulnerability in their Wi-SUN® Stack.

VMware Advisory - VMware published an advisory that describes four vulnerabilities in their Aria Operations product.

WatchGuard Advisory - WatchGuard published an advisory that describes an arbitrary file read vulnerability in their Fireware OS products.

 

For more details on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-ba5 - subscription required.

Saturday, March 18, 2023

Review – Public ICS Disclosures – Week of 3-11-23 – Part 1

This week we have nine vendor disclosures from Aruba Networks, Carrier, Contec, Hitachi Energy, HPE (2), InHand Networks, Moxa, and Phoenix Contact. There are five vendor updates from HPE (4) and Moxa. Finally, we have three exploits for products from Eaton, Riello, and Fortinet.

In Part 2 this week I will look at disclosures from Schneider and Siemens.

Advisories

Aruba Advisory - Aruba published an advisory that describes eight vulnerabilities in their ClearPass Policy Manager program.

Carrier Advisory - Carrier published an advisory that discusses a server side request forgery vulnerability in their g LenelS2 supported platform.

Contec Advisory - Contec published an advisory that describes three vulnerabilities in their CONPROSYS M2M Gateway Series, M2M Controller Series products.

Hitachi Energy Advisory - Hitachi published an advisory that discusses a permissions, privileges, and access control vulnerability in their MicroSCADA Pro/X SYS600 Products.

HPE Advisory #1 - HPE published an advisory that discusses eight vulnerabilities in their NonStop servers.

HPE Advisory #2 - HPE published an advisory that describes a cross-site scripting vulnerability in their Integrated Lights-Out products.

InHand Advisory - InHand published an advisory that describes five vulnerabilities in their InRouter615-S industrial routers.

Moxa Advisory - Moxa published an advisory that describes two improper certificate validation vulnerabilities in their NPort 6000 Series and Windows Driver Manager products.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses five vulnerabilities in their ENERGY AXC PU product.

Updates

HPE Update #1 - HPE published an update for their FlexNetwork and FlexFabric Switches advisory that was originally published on July 30th, 2022.

HPE Update #2 - HPE published an update for their OneView for VMware vCenter advisory that was originally published on February 17th, 2023.

HPE Update #3 - HPE published an update for their ProLiant Moonshot Servers advisory that was originally published on November 8th, 2022.

HPE Update #4 - HPE published an update for their ProLiant BL/DL/ML Servers advisory that was originally published on November 8th, 2022.

Moxa Update - Moxa published an update for their UC Series advisory that was originally published on November 29th, 2022 and most recently updated on February 9th, 2023.

Exploits

Eaton Exploit - Yehia Elghaly published an exploit for a denial-of-service vulnerability in the Eaton Webpower UPS.

Riello Exploit - Ricardo Jose Ruiz Fernandez published an exploit for a shell bypass vulnerability in the Riello UPS system.

Fortinet Exploit - Jheysel-r7, Zach Hanley, and Gwendal Guegniaud published a Metasploit module for an externally controlled reference to a resource in another sphere vulnerability in the FortiNAC.

 

For more details about these disclosures, including links to third-party advisories, researcher reports and summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-d50 - subscription required.

Saturday, February 11, 2023

Review – Public ICS Disclosures – Week of 2-4-23

This week we have eleven vendor disclosures from ABB, Baicells, Dahua, Palo Alto Networks (5), Ruckus, and Zyxel Networks (2). We also have three vendor updates from CONTEC, HPE, and Moxa. Finally, we have thirteen researcher reports on products from Siemens, and Open Design Alliance (12).

NOTE: There have been problems with the NIST NVD CVE listings this morning. They have been slow to load or have not been found. Hopefully this will be corrected in the near future.

Vendor Disclosures

Baicells Advisory - Baicells published an advisory that describes a cross-site scripting vulnerability in their Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices.

Dahua Advisory - Dahua published an advisory that describes an unauthorized modification of device timestamp vulnerability in some of their embedded products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses an improper privilege management vulnerability in SUDO.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that discusses the OpenSSL vulnerabilities disclosed Feb 7, 2023.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes a protection mechanism failure vulnerability in their Cortex XDR agent.

Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an information disclosure vulnerability in their Cortex XDR agent.

Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes a file disclosure vulnerability in their Cortex XSOAR server.

Ruckus Advisory - Ruckus published an advisory that describes a cross-site request forgery vulnerability in multiple products using their AP Web application.

NOTE: Multiple end-of-life products are listed as being affected by this vulnerability.

Zyxel Advisory #1 - Zyxel published an advisory that describes a command injection vulnerability in their firewalls.

Zyxel Advisory #2 - Zyxel published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their APs.

Vendor Updates

CONTEC Update - JP CERT published an update for their Solar View Compact advisory that was originally published on May 26th, 2022 and most recently updated on December 13th, 2022.

HPE Update - HPE published an update for their OneView advisory that was originally published on January 31st, 2023.

Moxa Update - Moxa published an update for their UC Series advisory that was originally published on November 29th, 2023.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-333-04) for this new information.

Researcher Reports

Siemens Report - Otorio published a report describing two vulnerabilities in the Siemens Automation License Manager.

ODA Report #1 - The Zero Day Initiative published a report that describes a memory corruption vulnerability in the ODA Drawing SDK.

ODA Report #2 - ZDI published a report that describes a memory corruption vulnerability in the ODA Drawing SDK.

ODA Report #3 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #4 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #5 - ZDI published a report that describes a heap-based buffer overflow vulnerability in the ODA Drawing SDK.

ODA Report #6 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #7 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #8 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #9 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #10 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #11 - ZDI published a report that describes a heap-based buffer overflow vulnerability in the ODA Drawing SDK.

ODA Report #12 - ZDI published a report that describes a use-after-free vulnerability in the ODA Drawing SDK.

 

For more details about these disclosures, including links to third-party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-6e9 - subscription required.

Saturday, January 28, 2023

Review – Public ICS Disclosures – Week of 1-21-23

This week we have an OpenSSL 3.0 advisory from Dell. We have seven vendor disclosures from Carrier, Contec, GE Grid Solutions, Meinberg, Omron, and PulseSecure (2). We also have three vendor updates from CODESYS, HPE, and PcVue. Finally, we have 16 researcher reports for products from Siretta (14), Zyxel, and Delta Electronics.

OpenSSL 3.0 Advisories

Dell published an advisory that discusses the OpenSSL 3.0 vulnerabilities.

Vendor Advisories

Carrier Advisory - Carrier published an advisory that discusses multiple authentication bypass vulnerabilities in their WebCTRL® and i-Vu® software.

Contec Advisory - Contec published an advisory that describes an SQL injection vulnerability in the Contec CONPROSYS HMI System.

GE Grid Solutions Advisory - GE Grid Solutions published an advisory for their DS Agile Distributed Control System.

Meinberg Advisory - Meinberg published an advisory that discusses eight vulnerabilities in their LANTIME product.

Omron Advisory - JP Cert published an advisory that describes an improper restriction of an XML entity reference vulnerability in the OMRON CX-Motion Pr.

PulseSecure Advisory #1 - PulseSecure published an advisory that discusses a use-after-free vulnerability.

PulseSecure Advisory #2 - PulseSecure published an advisory that discusses a double free vulnerability.

Vendor Updates

CODESYS Update - CODESYS published an update for their Control V3 communication server advisory that was originally published on November 22nd, 2022 and most recently updated on December 14th, 2022.

HPE Update - HPE published an update for their IceWall advisory that was originally published on March 9th, 2018 and most recently updated on May 26th, 2021.

PcVue Update - PcVue published an update for their email and SMS accounts advisory that was originally published on November 25th, 2022 and most recently updated on December 20th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-354-03) to reflect this information.

Researcher Reports

Siretta Report #1 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing 46 stack-based buffer overflow vulnerabilities.

Siretta Report #2 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #3 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing four command injection vulnerabilities.

Siretta Report #4 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a heap-based buffer overflow vulnerability.

Siretta Report #5 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a file write vulnerability.

Siretta Report #6 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a leftover debug code vulnerability.

Siretta Report #7 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #8 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #9 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #10 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Siretta Report #11 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #12 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #13 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #14 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Zyxel Report - Positive Technologies published a report describing an improper check for unusual or exceptional conditions vulnerability in Zyxel switches.

Delta Report - Tenable published a report describing a privilege escalation vulnerability in the Delta Electronics InfraSuite Device Master.

 

For more details about these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-e09 - subscription required.

Saturday, January 21, 2023

Review – Public ICS Disclosures – Week of 1-14-23

This week we have twelve vendor disclosures from Campbell Scientific, Contec, HIMA, HP, Medtronic, and Wireshark (7). We also have two researcher disclosures for products from Mitsubishi and GE.

Vendor Disclosures

Campbell Advisory - INCIBE-CERT published an advisory that describes an exposure of sensitive information to unauthorized actor vulnerability in the Campbell dataloggers.

Contec Advisory - Contec published an advisory that describes SQL injection vulnerabilities in their CONPROSYS HMI System.

HIMA Advisory - CERT-VDE published an advisory that describes an unquoted Windows search path vulnerability in multiple HIMA X-OPC and X-OTS products.

HP Advisory - HP published an advisory that discusses eight vulnerabilities in multiple HP products.

Medtronic Advisory - Medtronic published an end-of-life notice for their superDimension™ navigation system.

Wireshark Advisory #1 - Wireshark published an advisory that describes a packet injection vulnerability in their EAP dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes a memory leak vulnerability in their NFS dissector.

Wireshark Advisory #3 - Wireshark published an advisory that describes a denial of service vulnerability in their Dissection engine.

Wireshark Advisory #4 - Wireshark published an advisory that describes a denial of service vulnerability in their GNW dissector.

Wireshark Advisory #5 - Wireshark published an advisory that describes a denial of service vulnerability in their iSCSI dissector.

Wireshark Advisory #6 - Wireshark published an advisory that describes an excessive loop vulnerability in multiple dissectors.

Wireshark Advisory #7 - Wireshark published an advisory that describes a denial of service vulnerability in their TIPC dissector.

Researcher Reports

Mitsubishi Report - Cisco Talos published a report that describes an authentication bypass vulnerability in the Mitsubishi MELSEC iQ-FX5U webserver.

GE Report - Claroty published a report that describes five vulnerabilities in the GE Proficy Historian. The report contains proof-of-concept code.

 

For more details about these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-6c3 - subscription required.

Tuesday, January 17, 2023

Review – 3 Advisories and 1 Update Published – 1-17-23

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Siemens, Mitsubishi Electric, and GE Digital. They also updated an advisory for products from Contec.

Advisories

Siemens Advisory - This advisory discusses twelve vulnerabilities in the Siemens SINEC Infrastructure Network Services (INS).

NOTE: I briefly discussed these vulnerabilities on Sunday.

Mitsubishi Advisory - This advisory describes a predictable seed in the PRNG of Mitsubishi MELSEC iQ-F and iQ-R Series products.

GE Advisory - This advisory describes five vulnerabilities in the GE Digital Proficy Historian.

Update

Contec Update - This update provides additional information on an advisory that was originally published on December 13th, 2022.

NOTE: This update is based upon an update of the JP-CERT advisory that was published on January 10th.

 

For more details about these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-f4a - subscription required.

Saturday, December 17, 2022

Review – Public ICS Disclosures – Week of 12-10-22 – Part 1

On this Saturday after Cyber Tuesday, for Part 1 we have nineteen vendor disclosures from Aruba Networks, Contec, Eaton, Festo, FortiGuard Labs, GE Gas Power, Hitachi Energy (4), HP (7), IFM Electronic, and Phoenix Contact.

Vendor Disclosures

Aruba Advisory - Aruba published an advisory that describes thirteen vulnerabilities in their EdgeConnect Enterprise Orchestrator.

CONTEC Advisory - JPCERT published an advisory that describes four vulnerabilities in the CONTEC SolarView Compact. CONTEC has new versions that mitigate the vulnerabilities.

Eaton Advisory - Eaton published an advisory that describes two vulnerabilities in their Intelligent Power Protector (IPP) software.

Festo Advisory - CERT-VDE published an advisory that discusses a link following vulnerability in multiple Festo products.

FortiGuard Advisory - FortiGuard published an advisory that describes a heap-based buffer overflow vulnerability in their FortiOS SSL-VPN.

GE Gas Power - GE published an advisory that discusses two vulnerabilities in FortiOS.

Hitachi Energy Advisory #1 - Hitachi published an advisory that describes five vulnerabilities in their UNEM Product.

Hitachi Energy Advisory #2 - Hitachi published an advisory that describes five vulnerabilities in their FOXMAN-UN Product.

Hitachi Energy Advisory #3 - Hitachi published an advisory that discusses three vulnerabilities in their Lumada Asset Performance Management (APM) Product.

Hitachi Energy Advisory #4 - Hitachi published an advisory that describes an access control vulnerability in their Lumada APM Product. Hitachi

HP Advisory #1 - HP published an advisory that describes five vulnerabilities (one third-party) in their Security Manager product.

HP Advisory #2 - HP published an advisory that discusses five vulnerabilities in their AMD Client UEFI Firmware.

HP Advisory #3 - HP published an advisory that describes a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in their PC BIOS.

HP Advisory #4 - HP published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in a wide variety of their PCs.

HP Advisory #5 - HP published an advisory that discusses the Text4Shell vulnerability in their Teradici Cloud Access Connector.

HP Advisory #6 - HP published an advisory that describes a privilege escalation vulnerability in their HyperX NGENUITY software.

HP Advisory #7 - HP published an advisory that describes a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in their AMI UEFI Firmware.

IFM Advisory - CERT-VDE published an advisory that describes a weak password recovery vulnerability in the IFM moneo appliance.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses two vulnerabilities in their PROFINET SDK product.

 

For more information on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-9ea - subscription required.

Tuesday, December 13, 2022

Review – 3 Advisories Published – 12-13-22

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Contec, Schneider Electric, and ICONICS/Mitsubishi.

Contec Advisory - This advisory describes an OS command injection vulnerability in the CONPROSYS HMI System (CHS).

Schneider Advisory - This advisory describes four vulnerabilities in the Schneider APC Easy UPS Online.

ICONICS Advisory - This advisory describes a path traversal vulnerability in the ICONICS (Mitsubishi) ICONICS Product Suite.

 

For more details about these advisories, including a down-the-rabbit-hole look at how Contec looks at secure control systems, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-12-13-22 - subscription required.


Saturday, September 3, 2022

Review – Public ICS Disclosure – Week of 8-27-22

This week we have twelve vendor disclosures from Aruba, Contec, GE Grid Solutions (2), HPE (3), Johnson Controls, Ovarro (2), Rockwell Automation, and Yokogawa. We also have three vendor updates from Mitsubishi, QNAP, and VMware.

Aruba Advisory - Aruba published an advisory that describes twelve vulnerabilities in their AOS-CX switches.

Contec Advisory - JP-CERT published an advisory that describes two vulnerabilities in the Contec FLEXLAN FX3000 wireless LAN.

GE Grid Advisory #1 - GE Grid published an advisory that describes a vulnerability in their Reason RT430/RT434 – GPS/GNSS Precision Clocks.

GE Grid Advisory #2 - GE Grid published an advisory that describes a vulnerability in their Reason RT431 - Time Code Generator.

HPE Advisory #1 - HPE published an advisory that discusses a privilege escalation vulnerability in their ProLiant Apollo, XL Servers.

HPE Advisory #2 - HPE published an advisory that discusses an information disclosure vulnerability in their HPE Apollo, XL Servers.

HPE Advisory #3 - HPE published an advisory that discusses a privilege escalation vulnerability in their Superdome Flex 280 Servers.

Johnson Controls Advisory - Johnson Controls published an advisory that describes a command injection vulnerability in their iSTAR Ultra door controller.

Ovarro Advisory #1 - Ovarro published an advisory that discusses four vulnerabilities in their Kingfisher Toolbox Plus software.

Ovarro Advisory #2 - Ovarro published an advisory that discusses four vulnerabilities in their Seprol range of S2000 WITS RTUs.

Rockwell Advisory - Rockwell published an advisory that discusses two vulnerabilities in their KEPServer Enterprise.

Yokogawa Advisory - Yokogawa published an advisory that discusses an insufficient verification of data authenticity vulnerability in their STARDOM controller.

NOTE: This is an OT:ICEFALL vulnerability, the first that I recall seeing being reported as a third-party vulnerability.

Mitsubishi Update - Mitsubishi published an update for their GENESIS64™ and MC Works64 advisory that was originally published on July 19th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-202-04) for this information.

QNAP Update - QNAP published an update for their Samba advisory that was originally published on August 16th, 2022.

VMware Update - VMware published an update for their VMware Tools advisory that was originally published on August 23rd, 2022.

 

For more details about these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-8-27 - subscription required.

Thursday, September 1, 2022

Review – 2 Advisories Published – 9-1-22

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Delta Electronics and a medical device security advisory for products from Contec Health. 

Delta Advisory - This advisory describes an out-of-bounds read vulnerability in the Delta DOPSoft software supporting the DOP-100 series HMI screens.

Contec Advisory - This advisory describes five vulnerabilities in the Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor.


For more information on these advisories and a brief discussion of potential problems with coordinating vulnerability disclosures with Chinese companies, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-9-1-22 - subscription required.

Sunday, August 14, 2022

Review – Public ICS Disclosures – Week of 8-6-22 – Part 2

For Part 2 we have 36 vendor updates from BD (3), CONTEC, HP, Schneider (7), and Siemens (24).

BD Update #1 - BD published an update for their BD Alaris™ 8015 PC Unit advisory that was originally published on November 12th, 2022, and most recently updated on March 15th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSMA-20-317-01) for this information.

BD Update #2 - BD published an update for their Interpeak IPNET TCP IP stack that was originally published on October 1st, 2019.

BD Update #3 - BD published an update for their Alaris PC Unit PCU model 8015 advisory that was originally published on February 7th, 2017 and most recently updated on March 16th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSMA-17-017-02) for this information.

CONTEC Update - JP-CERT published an update for the CONTEC SolarView Compact advisory that was originally published on July 27th, 2022.

HP Update - HP published an update for their Security Manager and Web Jetadmin advisory that was originally published on January 31st, 2022 and most recently updated on May 3rd, 2022.

Schneider Update #1 - Schneider published an update for their Log4Shell Advisory.

Schneider Update #2 - Schneider published an update for their Embedded FTP Servers advisory that was originally published on March 22nd, 2018 and most recently updated on April 12th, 2022.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on September 26th, 2019 and most recently updated on April 15th, 2021.

Schneider Update #4 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on July 13th, 2021 and most recently updated on July 12th, 2022.

Schneider Update #5 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 10th, 2021.

Schneider Update #6 - Schneider published an update for their BadAlloc advisory that was originally published on November 9th, 2021 and most recently updated on June 15th, 2022.

Schneider Update #7 - Schneider published an update for their OPC UA and X80 Advanced RTU advisory that was originally published on July 12th, 2022.

Siemens Update #1 - Siemens published an update for their UMC Component advisory that was originally published on July 14th, 2020 and most recently updated on July 13th, 2021.

NCCIC-ICS did not update their advisory (ICSA-20-196-05) for this information.

Siemens Update #2 - Siemens published an update for their OpenSSL advisory that was originally published on April 14th, 2014 and most recently updated on June 14th, 2022.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM advisory that was originally published on March 10th, 2022 and most recently updated on June 14th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-069-01) for this information.

Siemens Update #4 - Siemens published an update for their Libcurl advisory that was originally published on May 12th, 2022, and most recently updated on June 14th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-132-13) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 10th, 2022 and most recently updated on May 10th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-041-02) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #6 - Siemens published an update for their OpenSSL advisory that was originally published on June 16th, 2022 and most recently updated on July 12th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-167-14) for this information.

Siemens Update #7 - Siemens published an update for their Log4Shell advisory.

Siemens Update #8 - Siemens published an update for their SIMATIC advisory that was originally published on July 13th, 2021 and most recently updated on July 14th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-21-194-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #9 - Siemens published an update for their Industrial Products advisory that was originally published on March 20th, 2018 and most recently updated on June 14th, 2022.

Siemens Update #10 - Siemens published an update for their Wibu CodeMeter advisory that was originally published on November 9th, 2021 and most recently updated on January 11th, 2022.

Siemens Update #11 - Siemens published an update for their SIMATIC advisory that was originally published on July 12th, 2022.

NCCIC-ICS did not update their advisory (ICSA-22-195-15) for this information.

Siemens Update #12 - Siemens published an update for their SIMATIC NET CP advisory that was originally published on March 8th, 2022 and most recently updated on June 14th, 2022.

Siemens Update #13 - Siemens published an update for their SIMATIC S7-300 advisory that was originally published on November 10th, 2020 and most recently updated on August 10th, 2021.

NCCIC-ICS did not update their advisory (ICSA-20-315-04) for this information.

Siemens Update #14 - Siemens published an update for their Industrial Products advisory that was originally published on December 10th, 2019 and most recently updated on June 14th, 2022.

Siemens Update #15 - Siemens published an update for their PROFINET advisory that was originally published on October 10th, 2019 and most recently updated on February 8th, 2022.

Siemens Update #16 - Siemens published an update for their PROFINET advisory that was originally published on April 14th, 2022 and most recently updated on July 12th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-104-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #17 - Siemens published an update for their GNU/Linux advisory that was originally published in 2018 and most recently updated on July 12th, 2022.

Siemens Update #18 - Siemens published an update for their SIMATIC S7 CPU advisory that was originally published on February 11th, 2020 and most recently updated on April 14th, 2020.

NOTE: NCCIC-ICS did not update their advisory (ICSA-20-042-05) for this information.

Siemens Update #19 - Siemens published an update for their JT2Go and Teamcenter advisory that was originally published on July 12th, 2022.

Siemens Update #20 - Siemens published an update for their Insyde Bios advisory that was originally published on February 22nd, 2022 and most recently updated on July 12th, 2022.

Siemens Update #21 - Siemens published an update for their OPC UA advisory that was originally published on May 12th, 2022 and most recently updated on July 12th, 2022.

Siemens Update #22 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13th, 2021 and most recently updated on July 12th, 2022.

Siemens Update #23 - Siemens published an update for their SIMATIC S7-1200 advisory that was originally published on December 10th, 2019, and most recently updated on March 12th, 2020.

NOTE: NCCIC-ICS did update their advisory (ICSA-19-344-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #24 - Siemens published an update for their SIMATIC S7-400 advisory that was originally published on November 13th, 2018, and most recently updated on February 10th, 2020.

NOTE: NCCIC-ICS did not update their advisory (ICSA-18-317-02) for this information.

 

For more details about these updates, including a summary of changes made, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-0ca - subscription required.

 