Showing posts with label Fatek. Show all posts

Saturday, June 3, 2023

Review – Public ICS Disclosure – Week of 5-27-23

This week we have 31 vendor disclosures from BD, Bosch, B&R, Contec, Eaton, Fuji Electric, Hitachi Energy (2), HPE (3), Mitsubishi, Splunk (15), VMware, and Zyxel (3). There are also four vendor updates from HPE (2) and Moxa (2). We also have 40 researcher reports for vulnerabilities for products from Delta Electronics (22), Fatek Automation (11), Mitsubishi, and Unified Automation (6). Finally, we have an exploit for products from Seagate.

Advisories

BD Advisory - BD published an advisory that discusses a buffer underflow vulnerability in some of their Kiestra products.

Bosch Advisory - Bosch published an advisory that describes a chip damaging vulnerability in their CPP13 and CPP14 cameras.

B&R Advisory - B&R published an advisory that discusses an abuse of service location protocol vulnerability in their ARPOL product.

Contec Advisory - Contec published an advisory that describes seven vulnerabilities in their CONPROSYS HMI System.

Eaton Advisory - Eaton published an advisory that describes a group access authorization logic vulnerability in their SecureConnect portal.

Fuji Electric - JP CERT published an advisory that describes three vulnerabilities in the Fuji Electric FRENIC RHC Loader.

Hitachi Energy Advisory #1 - Hitachi published an advisory that describes an improper output neutralization for logs vulnerability in their UNEM product.

Hitachi Energy Advisory #2 - Hitachi published an advisory that describes an improper output neutralization for logs vulnerability in their FOXMAN-UN product.

HPE Advisory #1 - HPE published an advisory that describes an arbitrary code execution vulnerability in their Smart Storage Administrator (SSA) Offline product.

HPE Advisory #2 - HPE published an advisory that discusses four vulnerabilities in their HP-UX BIND product.

HPE Advisory #3 - HPE published an advisory that describes a denial of service vulnerability in their HP-UX IPv6 Stack.

Mitsubishi Advisory - Mitsubishi published an advisory that describes four vulnerabilities in their MELSEC iQ-R Series/iQ-F Series EtherNet/IP modules and EtherNet/IP configuration tools.

Splunk Advisories 1-3 - Splunk published three advisories for product updates for third party vulnerabilities.

Splunk Advisories 4-15 - Splunk published 12 advisories for individual vulnerabilities in multiple products.

VMware Advisory - VMware published an advisory that describes an insecure redirect vulnerability in their Workspace ONE Access and Identity Manager products.

Zyxel Advisory #1 - Zyxel published an advisory that describes two classic buffer overflow vulnerabilities in their firewalls.

Zyxel Advisory #2 - Zyxel published an advisory that describes an OS command injection vulnerability in some of their NAS versions.

Zyxel Advisory #3 - Zyxel published an advisory that discusses recent attacks on their ZyWALL devices.

Updates

HPE Update #1 - HPE published an update for their StoreEasy Servers advisory that was originally published on February 14th, 2023 and most recently updated on March 23rd, 2023.

HPE Update #2 - HPE published an update for their OneView advisory that was originally published on February 6th, 2023.

Moxa Update #1 - Moxa published an update for their MXsecurity advisory that was originally published on March 8th, 2023 and most recently updated on May 23rd, 2023.

Moxa Update #2 - Moxa published an update for their Arm-based Computer advisory that was originally published on November 22nd, 2022.

Researcher Reports

Delta Electronics Reports - ZDI published 22 reports about individual vulnerabilities in the Delta CNCSoft-B product.

Fatek Reports - ZDI published eleven reports about individual vulnerabilities in the Fatek FvDesigner.

Mitsubishi Report - Talos Intelligence published a report describing a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U MELSOFT.

Unified Automation Report #1 - Claroty published a report that describes an object validation vulnerability in the Unified Automation UaGateway.

Unified Automation Reports #2-6 - ZDI published five reports describing vulnerabilities in the Unified Automation UaGateway.

Exploits

Seagate Exploit - Ege Balci published a Metasploit module for an OS command injection vulnerability in the Seagate Central External NAS Storage device.


For more details about these disclosures, including links to researcher reports and exploits, as well as a brief description of new information in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-5-27 - subscription required.


Thursday, August 25, 2022

Review - 1 Advisory Published – 8-25-22

Today, CISA’s NCCIC-ICS published a control system security advisory for products from FATEK. I also take a down-the-rabbit-hole look at similar vulnerabilities in the same FATEK product.

FATEK Advisory - This advisory describes an out-of-bounds write vulnerability in the FATEK FvDesigner software.

 

For more details about this advisory, and a down-the-rabbit-hole look at similar vulnerabilities in the same FATEK product – see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-published-8-25-22 - subscription required.

Thursday, February 24, 2022

Review – 4 Advisories Published – 2-24-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Baker Hughes, Schneider Electric, Mitsubishi Electric and FATEK Automation.

Baker Hughes Advisory - This advisory describes a use of password hash with insufficient computational effort vulnerability in the Baker Hughes Bently Nevada 3500 machinery protection system.

NOTE: This advisory was originally published to the HSIN ICS library on August 19th, 2021. This allows CISA to share the information with critical infrastructure organizations prior to making the vulnerability public. To request access to the HSIN ICS library email HSIN.HelpDesk@hq.dhs.gov.

Schneider Advisory - This advisory describes three vulnerabilities on the Schneider Easergy P5 and P3 medium voltage protection relays.

NOTE: I briefly discussed the two Schneider advisories for these vulnerabilities on January 16th, 2022.

Mitsubishi Advisory - This advisory describes nine vulnerabilities in the Mitsubishi EcoWebServerIII.

NOTE: I briefly discussed these vulnerabilities last Saturday.

FATEK Advisory - This advisory describes three vulnerabilities in the FATEK FvDesigner software tool.

 

For more information on these advisories, including links to third-party vendors, researchers and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-2-24-22 - subscription required.

Tuesday, November 16, 2021

Review - 2 Advisories and 1 Update Published – 11-16-21

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Mitsubishi and FATEK. They also published an update for products from Mitsubishi.

Mitsubishi updated a second advisory today. If NCCIC-ICS does not cover that update on Thursday, I will address it this weekend.

Mitsubishi Advisory - This advisory describes an input validation vulnerability in the Mitsubishi GOT2000 series, GOT SIMPLE series, and GT SoftGOT2000 HMI.

FATEK Advisory - This advisory describes two vulnerabilities in the FATEK WinProladder PLC programming software.

Mitsubishi Update - This update provides additional information on an advisory that was originally published on February 18th, 2021 and most recently updated on July 29th, 2021.

For additional information on these advisories and updates, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-cbf - subscription required.

Thursday, October 7, 2021

Review - 7 Advisories Published – 10-7-21

Today CISA’s NCCIC-ICS published seven control system security advisories for products from FATEK Automation (2), InHand Networks, Mitsubishi Electric, Johnson Controls (2), and Mobile Industrial Robots.

FATEK Advisory #1 - This advisory describes a stack-based buffer overflow vulnerability in the FATEK Communication Server.

FATEK Advisory #2 - This advisory describes seven vulnerabilities in the FATEK WinProladder.

InHand Advisory - This advisory describes 13 vulnerabilities in the InHand IR615 Router.

Mitsubishi Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Mitsubishi MELSEC iQ-R Series C Controller Module R12CCPU-V.

Johnson Controls Advisory #1 - This advisory describes an integer overflow or wraparound vulnerability in the Johnson Controls exacqVision Server 32-bit.

Johnson Controls Advisory #2 - This advisory describes an improper privilege management vulnerability in the Johnson Controls exacqVision Server Bundle.

Mobile Industrial Robots - This advisory describes ten vulnerabilities in the MiR MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet products.

NOTE: NCCIC-ICS reports that both FATEK and InHand have failed to cooperate with the vulnerability mitigation coordination activities of the agency.

For more details about the advisories, including lots of information (including exploit links) about the Mobile Industrial Robots advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-10-7-21 - subscription required.

Thursday, August 5, 2021

Review - 4 Advisories Published – 8-5-21

Advantech Advisory - This advisory describes three vulnerabilities in the Advantech WebAccess/SCADA software package.

mySCADA Advisory - This advisory describes four vulnerabilities in the mySCADA myPRO product.

FATEK Advisory - This advisory describes three vulnerabilities in the FATEK FvDesigner software tool.

HCC Advisory - This advisory describes 14 vulnerabilities in the HCC Embedded InterNiche TCP/IP stack product.

For more details about the above advisories, including links to the INFRA:HALT report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-8-5-21 - subscription required.

Thursday, June 24, 2021

2 Advisories Published – 6-24-21

Today CISA’s NCCIC-ICS published a control system security advisory for products from FATEK and a medical device security advisory for products from Philips.

FATEK Advisory

This advisory describes three vulnerabilities in the FATEK WinProladder. The vulnerabilities were reported by Michael Heinzl. FATEK is working on mitigation measures.

The three reported vulnerabilities are:

• Out-of-bounds read - CVE-2021-32990,

• Out-of-bounds write - CVE-2021-32988, and

• Improper restriction of operations within the bounds of a memory buffer - CVE-2021-32992

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to allow for the execution of arbitrary code.

Philips Advisory

This advisory describes a clear-text transmission of sensitive information vulnerability in the Philips Interoperability Solution XDS document sharing system. The vulnerability is self-reported. Philips provides generic mitigation measures.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to allow an attacker to read the LDAP system credentials by gaining access to the network channel used for communication. This risk applies to configurations using LDAP via TLS and where the domain controller returns LDAP referrals.

Thursday, April 8, 2021

1 Advisory and 1 Update Published – 4-8-21

Today the CISA NCCIC-ICS published a control system security advisory for products from FATEK Automation and updated a medical device security advisory for products from Medtronic.

FATEK Advisory

This advisory describes an integer underflow vulnerability in the FATEK WinProladder PLC. The vulnerability was reported by Francis Provencher via the Zero Day Initiative. NCCIC-ICS reports that FATEK is working on mitigation measures.

NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to cause execution of arbitrary code.

NOTE: I briefly described this vulnerability on March 13th, 2020.

Medtronic Update

This update provides additional information on an advisory that was originally published on March 21st, 2019 and most recently updated on June 4th, 2020. The new information includes announcing that updates are available for:

• Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D), and

• Implanted Cardiac Defibrillator (ICD), all models

Saturday, March 13, 2021

Public ICS Disclosures – Week of 3-6-21

This week we have seven disclosures from Aruba Networks (2), Boston Scientific, PEPPERL+FUCHS, Siemens, and Schneider (2). We have vendor updates for products from Siemens (2) and Schneider (2). There is a researcher report for products from Fatek Automation. Finally, there was an exploit published for products from VMware.

Aruba Advisories

Aruba published an advisory discussing the SAD DNS vulnerability in their Instant Access Points products. Aruba has new versions that mitigate the vulnerability.

 

Aruba published an advisory describing nineteen vulnerabilities in their Instant Access Points products. Aruba has new versions that mitigate the vulnerabilities.

The 19 reported vulnerabilities are:

• Buffer overflow (3) - CVE-2019-5319, CVE-2021-25144, and CVE-2021-25149,

• Authenticated arbitrary remote command injection - CVE-2021-25150,

• Authenticated arbitrary file write - CVE-2021-25148,

• Unauthenticated command injection via DHCP options - CVE-2020-24636,

• Unauthenticated denial of service via PAPI protocol - CVE-2021-25143,

• Unauthenticated command injection via Web UI - CVE-2021-25162,

• Authenticated arbitrary file write via Web UI (2) - CVE-2021-25155, and CVE-2021-25159,

• Authenticated remote command execution (2) - CVE-2020-24635, and CVE-2021-25146,

• Authentication bypass - CVE-2019-5317 (Jenkins third-party),

• Authenticated reflected cross-site scripting - CVE-2021-25161,

• Unauthenticated arbitrary file read via race condition - CVE-2021-25158,

• Authenticated arbitrary directory create via Web UI - CVE-2021-25156,

• Authenticated arbitrary file read via Web UI - CVE-2021-25157,

• Authenticated arbitrary file write via Web UI to specific backup site - CVE-2021-25160, and

• Remote unauthorized disclosure of information - CVE-2021-25145

Boston Scientific

Boston Scientific published an advisory discussing the Microsoft TCP/IP vulnerabilities. They report that they are looking into the impact on their products “that use the affected Microsoft Window 7 and higher operating systems”.

PEPPERL+FUCHS Advisory

CERT-VDE published an advisory describing three vulnerabilities in the PEPPERL+FUCHS P+F RocketLinx products. The vulnerabilities were reported by T. Weber of SEC Consult Vulnerability Lab.  PEPPERL+FUCHS has new firmware versions that mitigate the vulnerabilities. There is no indication that Weber was provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Cross-site request forgery - CVE-2020-12502,

• Improper input validation - CVE-2020-12503, and

• Hidden functionality - CVE-2020-12504

Siemens Advisory

Siemens published an advisory describing an improper access control vulnerability in their Mendix Forgot Password Appstore module. Siemens has a new version that mitigates the vulnerability.

Schneider Advisories

Schneider published an advisory describing an improper restriction of operations within the bounds of a memory buffer vulnerability in their PowerLogic power meters. The vulnerability was reported by Tal Keren and Rei Henigman of Claroty. Schneider has new versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Schneider published an advisory describing an improper restriction of operations within the bounds of a memory buffer vulnerability in their PowerLogic power meters. The vulnerability was reported by Tal Keren and Rei Henigman of Claroty. Schneider has new versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NOTE: The Claroty report explains the reason for the separate reports for these very similar vulnerabilities. They note that the different product sets are affected differently resulting in very different CVSS v3.0 Base Scores.

Siemens Updates

Siemens published an update for their GNU/Linux subsystem advisory that was originally published in 2018 and most recently updated on February 9th, 2021. The new information includes adding the following CVEs:

• CVE-2020-8625,

• CVE-2021-3347,

• CVE-2021-20193,

• CVE-2021-23839,

• CVE-2021-23840,

• CVE-2021-23841, and

• CVE-2021-27212

 

Siemens published an update for their CodeMeter advisory that was originally published in 2018 and most recently updated on February 9th, 2021. The new information includes updating mitigation measures for:

• SINEC INS, and

• SINEMA Remote Connect

Schneider Updates

Schneider published an update for their Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on January 12th, 2021. The new information includes:

• Adding mitigation measures for EcoStruxure Building SmartX IP MP Controllers, and

• Updating affected version information for EcoStruxure Building SmartX IP RP Controllers

 

Schneider published an update for their PLC Simulator advisory that was originally reported on November 11th, 2020. The new information includes announcing the development of a remediation plan for CVE-2020-7559.

NOTE: NCCIC-ICS may not update ICSA-20-315-03 for this announcement.

Fatek Report

The Zero Day Initiative published a report of a 0-day improper validation of user supplied data vulnerability in the Fatek PLC WinProladder. According to the report, NCCIC-ICS was supposed to issue an advisory on this last Thursday. I would expect to see it published this coming week.

VMware Exploit

Mikhail Klyuchnikov published a Metasploit module for an improper privilege management vulnerability in the VMware vCenter Server. VMware reported the vulnerability on February 23rd, 2021 with new versions to mitigate.

Thursday, February 25, 2021

4 Advisories Published – 2-25-21

Today the CISA NCCIC-ICS published four control system security advisories for products from ProSoft Technology, Rockwell Automation, Fatek, and PerFact.

ProSoft Advisory

This advisory describes a permissions, privileges, and access controls vulnerability in the ProSoft industrial cellular gateways. The vulnerability was reported by Maxim Rupp. ProSoft has a new firmware version that mitigates the vulnerability. There is no indication that Maxim has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an attacker to change the current user’s password and alter device configurations.

Note: Interesting Twitversation about this advisory today.

Rockwell Advisory

This advisory describes an insufficiently protected credentials vulnerability in the Rockwell Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers. The vulnerability was independently reported by Lab. of Information Systems Security Assurance, Kaspersky, and Claroty. Rockwell describes compensating controls to mitigate the vulnerability. There is no indication that the researchers were provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow a remote unauthenticated attacker to bypass the verification mechanism and connect with Logix controllers. Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.

Fatek Advisory

This advisory describes five vulnerabilities in the Fatek FvDesigner software tool. The vulnerabilities were reported by Francis Provencher and rgod via the Zero Day Initiative. Fatek is working on mitigation measures.

The five reported vulnerabilities are:

• Use after free - CVE-2021-22662,

• Access of uninitialized pointer - CVE-2021-22670,

• Stack-based buffer overflow - CVE-2021-22666,

• Out-of-bounds write - CVE-2021-22683, and

• Out-of-bounds read - CVE-2021-22638

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

PerFact Advisory

This advisory describes an external control of system or configuration setting vulnerability in the PerFact OpenVPN-Client. The vulnerability was reported by Sharon Brizinov of Claroty. PerFact has a new version that mitigates the vulnerability. There is no indication that Sharon has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow for local privilege escalation or remote code execution through a malicious webpage.

Thursday, September 10, 2020

4 Advisories Published – 9-10-20


Today the CISA NCCIC-ICS published three control system and one medical device security advisories for products from HMS Network, FATEK Automation, AVEVA, and Philips.

HMS Advisory


This advisory describes a permissive cross-domain policy with untrusted domains vulnerability in the HMS Ewon Flexy and Cosy products. The vulnerability was reported by Parth Srivastava of Protiviti India Member Private Limited. HMS has updated firmware that mitigates the vulnerability. There is no indication that Srivastava has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit this vulnerability to allow attackers to retrieve limited confidential information.

FATEK Advisory


This advisory describes a stack-based buffer overflow vulnerability in the FATEK PLC WinProladder. The vulnerability was reported by Natnael Samson via the Zero Day Initiative. FATEK has not responded to NCCIC-ICS about this vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to crash the device being accessed; a buffer overflow condition may cause a denial-of-service event and remote code execution.

AVEVA Advisory


This advisory describes an SQL injection vulnerability in the AVEVA Enterprise Data Management Web. The vulnerability was reported by Yuri Kramarz of Cisco Talos. AVEVA has an upgrade that mitigates the vulnerability. The AVEVA advisory notes that Kramarz has verified the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to allow a remote attacker to execute arbitrary SQL commands on the affected device.

Philips Advisory


This advisory describes eight vulnerabilities in the Philips Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitor products. The vulnerabilities were reported by Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH via BSI. Philips plans on releasing updates over the next year.

The eight reported vulnerabilities are:

• Improper neutralization of formula elements in a CSV file - CVE-2020-16214,
• Cross-site scripting - CVE-2020-16218,
• Improper authentication - CVE-2020-16222,
• Improper check for certificate revocation - CVE-2020-16228,
• Improper handling of length parameter inconsistency - CVE-2020-16224,
• Improper validation of syntactic correctness of input - CVE-2020-16220,
• Improper input validation - CVE-2020-16216, and
• Exposure of resource to wrong sphere - CVE-2020-16212

NCCIC-ICS reports that a relatively low-skilled attacker with either physical access to surveillance stations and patient monitors or access to the medical device network could exploit the vulnerabilities to allow unauthorized access, interrupted monitoring, and collection of access information and/or patient data.

Tuesday, March 14, 2017

ICS-CERT Publishes Advisory and Alert

Today the DHS ICS-CERT published a new control system security advisory for products from Fatek. They also published a control system security alert for a class of micro-electromechanical systems (MEMS) accelerometer sensors from a number of vendors.

Fatek Advisory


This advisory describes a stack-based buffer overflow in Fatek PLCs. An anonymous researcher reported the vulnerability via the Zero Day Initiative (ZDI). Fatek has produced a new version that mitigates the vulnerability. There is no indication that the anonymous researcher has been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerability to crash the affected device or allow remote code execution.

The Fatek release note for the new version of the Fatek Ethernet Module Configuration Tool used in these devices explains that there were two separate changes responding to apparently separate vulnerabilities. It is not clear from the release note if both are necessary to mitigate the vulnerability listed in the ICS-CERT advisory or if there is another vulnerability that was not reported by ICS-CERT.

MEMS Accelerometer Alert


This alert describes a publicly disclosed vibration-based design flaw in a number of MEMS accelerometers from a variety of manufacturers. ICS-CERT does not identify the vulnerability reporter, but it appears to be based upon a paper that will be presented at the IEEE European Symposium on Security & Privacy, Paris, France, April 2017 by Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu.

According to ICS-CERT:

“According to public reporting, the design flaws may be exploitable by playing specific acoustic frequencies in close proximity to devices containing embedded capacitive MEMS accelerometer sensors. At a specific acoustic frequency it may be possible to induce a vibration within vulnerable accelerometers to alter the sensors’ output in a predictable way. The impact of exploitation would be dependent on the function and operation of host devices, but it is understood that during an attack it may be possible to render affected sensors inoperable. This could result in a denial of service for host devices. During a successful attack, the integrity of measured data by vulnerable sensors could also be compromised. In the worst case attack scenario, it may be possible for an attacker to control sensor output data in a predictable way to achieve some level of control over a host device that primarily operates on unvalidated sensor data.”

One device manufacturer, Robert Bosch GmbH, has already produced a vulnerability advisory for MEMS accelerometers that they produce. ICS-CERT is working with other vendors to identify a list of affected products that use the affected capacitive MEMS accelerometers and to determine each vendor’s mitigation plan.

Commentary


The ICS-CERT failure to identify the source of the public disclosure in this particular alert is extremely short-sighted. I understand their desire to encourage coordinated disclosures, but I have never thought that failing to give credit where it is due served that purpose well. In this case this is an academic paper for a vulnerability that looks like it will take a great deal of effort to effectively exploit; particularly in an ICS environment. Failing to provide the details of the vulnerability (through a link to the original paper) is a disservice to the ICS community.

To make matters worse, from a coordinated disclosure point of view, the vulnerability potentially affects nearly all (apparently) MEMS accelerometer manufacturers. There would be no effective way to really coordinate the disclosure with all of the potential vendors. Further, I expect that many solutions are going to depend upon actions of other vendors that actually employ the accelerometers in their equipment.

Oh, and by-the-way, the original paper was publicly disclosed today in a NY Times article.

ICS-CERT really does need to get out a revision to this alert that gives specific credit, and a link to the paper, to the discoverers of this vulnerability.


Oh, in another cute by-the-way, this vulnerability already has a cute name – WALNUT.
 