Review – Public ICS Disclosures – Week of 4-26-25 – Part 1

For Part 1 this week we have 11 vendor disclosures from ABB (3), Bosch, Broadcom, Dassault Systems (2), HPE, Philips, and Sick (2).

Advisories

ABB Advisory #1 - ABB published an advisory that describes three vulnerabilities in their ABB Network Card.

ABB Advisory #2 - ABB published an advisory that describes two vulnerabilities in their Automation Builder product.

ABB Advisory #3 - ABB published an advisory that discusses an access of uninitialized pointer vulnerability in their Ekip Com IEC61850 product.

Bosch Advisory - Bosch published an advisory that describes 15 vulnerabilities (with publicly available exploits) in their Rexroth AG ctrlX OS products.

Broadcom Advisory - Broadcom published an advisory that discusses two vulnerabilities in multiple Brocade products.

Dassault Systems Advisory #1 - Dassault Systems published an advisory that describes a use-after-free vulnerability in their SOLIDWORKS eDrawings.

Dassault Systems Advisory #2 - Dassault Systems published an advisory that describes an out-of-bounds write vulnerability in their SOLIDWORKS eDrawings application.

HPE Advisory - HPE published an advisory that discusses a heap-based buffer overflow vulnerability in their Superdome Flex, Superdome Flex 280, and Compute Scale-up Server 3200 products.

Philips Advisory - Philips published an advisory that discusses the SAP NetWeaver vulnerability.

Sick Advisory #1 - Sick published an advisory that describes two vulnerabilities in their Flexi Compact products.

Sick Advisory #2 - Sick published an advisory that describes 23 vulnerabilities in their picoScan and multiScan products.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-a52 - subscription required.

Review – Public ICS Disclosures – Week of 11-23-24

This week we have 41 vendor disclosures from Axis (5), B&R, Dell, Dassault Systems, ELECOM, Fuji Electric, GE Vernova (19), Hitachi Energy, HPE, Mitsubishi, Palo Alto Networks, PEPPERL+FUCHS, Splunk (2), SMA Solar Technology, VMware, and Zyxel. There are also five vendor updates from ELECOM (4) and FortiGuard. We also have 21 researcher reports of vulnerabilities in products from ABB (4) and Fuji (17).

Advisories

Axis Advisory #1 - Axis published an advisory that describes an improper validation of syntactic correctness of input vulnerability in their AxisOS product.

Axis Advisory #2 - Axis published an advisory that describes an improper validation of syntactic correctness of input vulnerability in their AxisOS product.

Axis Advisory #3 - Axis published an advisory that describes an incorrect default permissions vulnerability in their Camera Station products.

Axis Advisory #4 - Axis published an advisory that describes an insufficiently protected credentials vulnerability in the Camera Station products.

Axis Advisory #5 - Axis published an advisory that describes a client-side enforcement of server-side security vulnerability in their Camera Station products.

B&R Advisory - B&R published an advisory that describes an authentication bypass using an alternate path or channel vulnerability in multiple mapp products.

Dell Advisory - Dell published an advisory that describes four vulnerabilities in their Wyse Management Suite. The first vulnerability is a third-party (MongoDB) issue.

Dassault Systems Advisory - Dassault Systems published an advisory that discusses a deserialization of untrusted data vulnerability (with publicly available exploit) in their Iterop product.

ELECOM Advisory - JP-CERT published an advisory that describes four vulnerabilities in multiple ELECOM wireless LANs.

Fuji Advisory - JP-CERT published an advisory that describes three vulnerabilities in the Fuji V-SFT, TELLUS, and V-Server products.

GE Vernova Advisories - GE Vernova (formerly Grid Solutions) published 19 advisories.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses four vulnerabilities in their NSD570 Teleprotection Equipment.

HPE Advisory - HPE published an advisory that describes an unauthorized data modification vulnerability in their IceWall Products.

Mitsubishi Advisory - Mitsubishi published an advisory that describes three vulnerabilities in their GENESIS64TM and MC Works64 products.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that describes an improper certificate validation vulnerability (with publicly available exploit) in their GlobalProtect App.

PEPPERL+FUCHS Advisory - CERT-VDE published an advisory that discusses the PKFAIL vulnerability in multiple products from PEPPERL+FUCHS.

Splunk Advisory #1 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their Splunk Machine Learning Toolkit.

Splunk Advisory #2 - Splunk published an advisory that discusses an exposure of sensitive information to an unauthorized actor vulnerability in their Python for Scientific Computing product.

SMA Solar Advisory - CERT-VDE published an advisory that describes an SQL injection vulnerability in SMA Sunny Central products.

VMware Advisory - Broadcom published an advisory that describes five vulnerabilities in the VMware Aria Operations product.

Zyxel Advisory - Zyxel published an advisory that discusses recent attempts to exploit a previously fixed directory traversal vulnerability in their ZLD firewall.

Updates

ELECOM Update #1 - JP-CERT published an update for the ELECOM wireless LAN router advisory that was originally published on May 28^th, 2024, and most recently updated on August 27^th, 2024.

ELECOM Update #2 - JP-CERT published an update for the ELECOM wireless LAN router advisory that was originally published on March 26^th, 2024, and most recently updated on August 27^th, 2024.

ELECOM Update #3 - JP-CERT published an update for the ELECOM wireless LAN router advisory that was originally published on August, 27^th, 2024, and most recently updated on September 9^th, 2024.

ELECOM Update #4 - JP-CERT published an update for the ELECOM wireless LAN router advisory that was originally published on March 26^th, 2024, and most recently updated on August 27^th, 2024.

FortiGuard Update - FortiGuard published an update for their missing authentication in fgfmsd advisory that was originally published on October 23^rd, 2024, and most recently updated on November 15^th, 2024.

Researcher Reports

ABB Reports - Zero Science published four reports of vulnerabilities in the ABB Cylon Aspect building energy management product.

Fuji Reports - The Zero Day Initiative published 17 reports of vulnerabilities in the Fuji Monitouch V-SFT.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-95e - subscription required. 

Review – Public ICS Disclosures – Week of 11-16-24

This week we have 21 vendor disclosures from Dassault Systems, HPE, Palo Alto Networks (2), Philips (2), QNAP (8), Sick, WAGO, Westermo (2), Wireshark (2), and Zyxel. There are also seven vendor updates from FortiGuard, Mitsubishi, Moxa (4), and VMware. We also have three researcher reports for vulnerabilities in products from MC Technologies (2) and Mongoose Web Server Library. Finally, we have three exploits for products from Korenix, Palo Alto Networks, and Siemens.

Advisories

Dassault Systems Advisory - Dassault Systems published an advisory that describes two vulnerabilities in their eDrawings product.

HPE Advisory - HPE published an advisory that describes an improper handling of exceptional conditions vulnerability in their NonStop DISK UTIL.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes an OS command injection vulnerability {listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog} in their PAN-OS products.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a missing authentication for critical function vulnerability {listed in CISA’s KEV catalog} in their PAN-OS products.

Philips Advisory #1 - Philips published an advisory that discusses an argument injection vulnerability reported by Laravel.

Philips Advisory #2 - Philips published an advisory that discusses an improper authentication vulnerability {listed in CISA’s KEV catalog} reported by Microsoft in their Windows Scheduler.

QNAP Advisory #1 - QNAP published an advisory that describes four vulnerabilities in their Notes Station 3.

QNAP Advisory #2 - QNAP published an advisory that discusses three vulnerabilities in their QTS and QTS Hero products.

QNAP Advisory #3 - QNAP published an advisory that describes four cross-site scripting vulnerabilities in their Photo Station products.

QNAP Advisory #4 - QNAP published an advisory that describes an exposure of sensitive information to unauthorized actor vulnerability in their AI Core product.

QNAP Advisory #5 - QNAP published an advisory that describes a link following vulnerability in their QuLog Center product.

QNAP Advisory #6 - QNAP published an advisory that describes 15 vulnerabilities in their QTS and QuTS hero products.

QNAP Advisory #7 - QNAP published an advisory that describes two OS command injection vulnerabilities in their QuRouter product.

QNAP Advisory #8 - QNAP published an advisory that describes an authorization bypass through user controlled key vulnerability in their Media Streaming Add-on.

Sick Advisory - Sick published an advisory that describes an execution with unnecessary privileges vulnerability in their  Incoming Goods Suite.

WAGO Advisory - CERT-VDE published an advisory that describes eight vulnerabilities in the firmware of multiple WAGO products.

Westermo Advisory #1 - Westermo published an advisory that discusses an out-of-bounds write vulnerability (with publicly available exploit) in their WeOS.

Westermo Advisory #2 - Westermo published an advisory that discusses the Blast-Radius vulnerabilities in their WeOS products

Wireshark Advisory #1 - Wireshark published an advisory that describes an ECMP dissector crash vulnerability.

Wireshark Advisory #2 - Wireshark published an advisory that describes an FiveCo RAP dissector infinite loop vulnerability.

Zyxel Advisory - Zyxel published an advisory that discusses recent attempts by threat actors to target Zyxel firewalls through previously disclosed vulnerabilities.

Updates

FortiGuard Update #1 - FortiGuard published an update for their CONTINUATION Frames advisory that was originally published on May 14^th, 2024.

FortiGuard Update #2 - FortiGuard published an update for their regreSSHion advisory that was originally published on July 9^th, 2024, and most recently updated on November 15^th, 2024.

Mitsubishi Update - Mitsubishi published an update for their Ethernet port advisory that was originally published on November 30^th, 2021, and most recently updated on November 9^th, 2023.

Moxa Update #1 - Moxa published an update for their Ethernet Switches advisory that was originally published on November 1^st, 2024.

Moxa Update #2 - Moxa published an update for their MDS-G4028-L3 Series advisory that was originally published on November 4^th, 2024.

Moxa Update #3 - Moxa published an update for their Cellular Routers advisory that was originally published on October 14^th, 2024, and most recently updated on October 25^th, 2024.

Moxa Update #4 - Moxa published an update for their SSLv2 Vulnerabilities advisory that was originally published on March 31^st, 2016.

VMware Update - VMware published an update for their vCenter Server advisory that was originally published on September 17^th, 2024, and most recently updated on October 21^st, 2024.

Researcher Reports

MC Technologies Reports - Cisco Talos published two reports covering four OS command injection vulnerabilities in the MC Technologies MC LR Router web interface.

Mongoose Web Server Report - Nozomi Networks published a report describing ten vulnerabilities in the Mongoose Web Server Library.

Exploits

Korenix Exploit - St. Pölten UAS published an exploit for a path traversal vulnerability in the Korenix JetPort 5601.

Palo Alto Networks Exploit - Sachinart published an exploit for a missing authentication for critical function vulnerability in the Palo Alto Networks PAN-OS product.

Siemens Energy Exploit - SEC Consult published an exploit for four vulnerabilities in the Siemens Energy Omnivise T3000.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-3cc - subscription required.