Review – Public ICS Disclosures – Week of 1-6-24 – Part 1

This week we have 12 vendor disclosures from Bosch (2), FortiGuard, GE Gas Power, HPE, Insyde, Palo Alto Networks, SEL, and Splunk (4). We also have three vendor updates from Broadcom, and HP (2). There are three researcher reports for products from X-Rite (2) and Bosch. Finally, we have exploits for products from Advantech and Signalwire.

As is typical for the Saturday after Cyber Tuesday, I will be looking at this week’s advisories and updates from Schneider and Siemens in Part 2.

Advisories

Bosch Advisory #1 - Bosch published an advisory that describes 25 vulnerabilities in their Nexo cordless nutrunner.

Bosch Advisory #2 - Bosch published an advisory that describes an excessive attack surface vulnerability in their BCC Thermostat Product.

FortiGuard Advisory - FortiGuard published an advisory that describes an improper privilege management vulnerability in their FortiOS and FortiProxy products.

GE Gas Power Notice - GE Gas Power published a notice in response to a NERC Section 800 data request to assess the extent of cross-border operation control of Bulk Power System Elements.

HPE Advisory - HPE published an advisory that discusses four vulnerabilities (one of which is listed in CISA’s Known Exploited Vulnerabilities catalog) in their OneView software.

Insyde Advisory - Insyde published an advisory that discusses three vulnerabilities in their UEFI Bios.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses the Terrapin-Attack vulnerability.

SEL Advisory - SEL announced that the latest version (5.2.0.5) of their SEL-5037 SEL Grid Configurator fixes a cybersecurity vulnerability that could allow an authenticated attacker to execute arbitrary code when the computer starts.

Splunk Advisory #1 - Splunk published an advisory that describes an uncontrolled resource consumption vulnerability in their Splunk Enterprise Security product.

Splunk Advisory #2 - Splunk published an advisory that describes an improper input validation vulnerability in their Enterprise Security product.

Splunk Advisory #3 - Splunk published an advisory that discusses seven vulnerabilities in their Enterprise Security.

Splunk Advisory #4 - Splunk published an advisory that discusses six vulnerabilities in their User Behavior Analytics software.

Updates

Broadcom Update - Broadcom published an update for their Netfilter subsystem advisory that was originally published on November 7^th, 2023.

HP Update #1 - HP published an update for their Intel Optane SSD Firmware advisory that was originally published on November 20^th, 2023.

HP Update #2 - HP published an update for their Intel Rapid Storage Technology advisory that was originally published on November 20^th, 2023.

Researcher Reports

X-Rite Reports - Claroty published two reports describing individual vulnerabilities in the X-Rite MA-T6 Kohinoor spectrophotometer firmware.

Bosch Report - Nozomi Networks published a report discussing nine vulnerabilities in the Bosch Rexroth ctrlX HMI WR21 (rebrand of Advantech TPC-110W HMI).

Exploits

Advantech Exploit - Cody 16 published an exploit for an SQL injection vulnerability in the Advantech Web/SCADA.

Signalwire Exploit - Amirhossein Bahramizadeh published an exploit for a race condition vulnerability in the Signalwire FreeSWITCH.

 

For more details on these disclosures, including links to 3^rd Party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-9f7 - subscription required.

Review – Public ICS Disclosures – Week of 9-16-23

This week we have 18 vendor disclosures from Broadcom (3), Eaton (2), GE Gas Power, Hitachi, Hitachi Energy (2), Honeywell, HPE (4), Mitsubishi, Moxa, and SEL (2). There are five vendor updates from Cisco (2) and Hitachi Energy (3). Finally, we have 29 researcher reports for vulnerabilities in products from Honeywell (7), Inductive Automation, and Voltronic Power (21).

Advisories

Broadcom Advisory #1 - Broadcom published an advisory that discusses a path traversal vulnerability in their Brocade Fabric OS.

Broadcom Advisory #2 - Broadcom published an advisory that discusses a path traversal vulnerability in their Brocade Fabric OS.

Broadcom Advisory #3 - Broadcom published an advisory that discusses a missing authentication vulnerability in their Brocade Fabric OS.

Eaton Advisory #1 - Eaton Advisories - Eaton published an advisory that describes an access control vulnerability in their User Management System.

Eaton Advisory #2 - Eaton published an advisory that discusses a deserialization of untrusted data vulnerability in multiple Eaton products that is listed in the CISA Known Exploited Vulnerability Catalog.

GE Gas Power Advisory - GE Published an advisory that discusses an authentication bypass vulnerability in the  Triangle Microworks SCADA Data Gateway.

Hitachi Advisory - Hitachi published an advisory that discusses two vulnerabilities in the JP1/VERITAS product.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes an improper input validation vulnerability in their RTU500 series products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes an improper certificate validation vulnerability in their RTU500 scripting interface.

Honeywell Support Notice - Honeywell published a support notice for their Vindicator line of access control systems. Honeywell notes that their systems using Windows 7 and Windows XP operating systems will receive only limited support.

HPE Advisory #1 - HPE published an advisory that discusses three vulnerabilities in their Unified OSS Console.

HPE Advisory #2 - HPE published an advisory that describes a cross-site scripting vulnerability in their Unified OSS Console.

HPE Advisory #3 - HPE published an advisory that discusses a code corruption vulnerability in their IceWall Gen11 certd module.

HPE Advisory #4 - HPE published an advisory that describes an authentication bypass vulnerability in their Integrated Lights-Out 5 and 6 products.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses three vulnerabilities in multiple FA products.

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their ioLogik E1200 Series Web Server.

SEL Advisory - SEL published two software revisions notices that included fixes for cybersecurity vulnerabilities.

Updates

Cisco Update #1 - Cisco published an update for their HTTP/2 Rapid Reset Attack advisory that was originally published on October 16^th, 2023 and most recently updated on December 5^th, 2023.

Cisco Update #2 - Cisco published an update for their Apache Struts Vulnerability advisory that was originally published on December 12^th, 2023 and most recently updated on December 15^th, 2023.

Hitachi Energy Update #1 - Hitachi Energy published an update for their AFS65x, AFS67x, AFR67x and AFF66x series products advisory that was originally published on September 26^th, 2023.

Hitachi Energy Update #2 - Hitachi Energy published an update for their AFF66x products advisory that was originally published on July 25^th, 2023.

Hitachi Energy Update #3 - Hitachi Energy published an update for their Apache ActiveMQ advisory that was originally published on November 14^th, 2023.

Researcher Reports

Honeywell Reports - ZDI published 7 advisories for individual vulnerabilities in the Honeywell Saia PG5 Controls Suite.

Inductive Automation Report - ZDI published a report that describes a deserialization of untrusted data vulnerability in the Inductive Automation Ignition product.

Voltronic Reports - The Zero Day Initiative published 21 advisories for individual vulnerabilities in the Voltronic Power ViewPower Pro.

 

For more details about these disclosures, including links to researcher reports and 3^rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-552 - subscription required.

Review – Public ICS Disclosures – Week of 11-4-23 – Part 1

This week we have 23 vendor disclosures from Broadcom (15), Fuji Electric, GE Gas Power, GE Grid Solutions (4), and Hitachi (2).

Advisories

Broadcom Advisory #1 - Broadcom published an advisory that discusses an unquoted search path or element vulnerability in their Fabric OS.

Broadcom Advisory #2 - Broadcom published an advisory that describes a missing HTTP headers vulnerability in their Brocade ASCG products.

Broadcom Advisory #3 - Broadcom published an advisory that discusses a use after free vulnerability in their Fabric OS products.

Broadcom Advisory #4 - Broadcom published an advisory that discusses a missing authentication for critical function vulnerability in their Brocade ASG.

Broadcom Advisory #5 - Broadcom published an advisory that discusses an arbitrary code execution vulnerability in their Brocade ASCG OVA.

Broadcom Advisory #6 - Broadcom published an advisory that discusses an out-of-bounds write vulnerability in their Brocade ASGC product.

Broadcom Advisory #7 - Broadcom published an advisory that discusses an infinite loop vulnerability in their Brocade ASCG OVA product.

Broadcom Advisory #8 - Broadcom published an advisory that describes in improper input validation vulnerability in their Brocade Active Support Connectivity Gateway (ASC-G).

Broadcom Advisory #9 - Broadcom published an advisory that discusses an infinite loop vulnerability in their Brocade ASCG OVA product.

Broadcom Advisory #10 - Broadcom published an advisory that discusses four vulnerabilities in their Brocade ASCG product.

Broadcom Advisory #11 - Broadcom published an advisory that discusses an improper verification of cryptographic signature in their Brocade ASCG product.

Broadcom Advisory #12 - Broadcom published an advisory that discusses an OS command injection vulnerability in their Fabric OS product.

Broadcom Advisory #13 - Broadcom published an advisory that discusses a NULL pointer dereference vulnerability in their Brocade SANnav product.

Broadcom Advisory #14 - Broadcom published an advisory that discusses an improper input validation vulnerability in their Brocade ASCG.

Broadcom Advisory #15 - Broadcom published an advisory that discusses an integer overflow or wraparound vulnerability in their Brocade ASCG OVA product.

Fuji Advisory - JP-CERT published an advisory that describes seven vulnerabilities in the Fuji Electric TELLUS and V-Server products.

GE Gas Power Advisory - GE Gas Power published an advisory that discusses the web UI feature in Cisco IOS XE vulnerabilities.

GE Grid Solutions Advisories - GE Grid Solutions published 4 advisories for vulnerabilities in their D20MX Substation Controller, D400 Advanced Substation Gateway, G100 Advanced Substation Gateway, and G500 Advanced Substation Gateway products.

Hitachi Advisory #1 - Hitachi published an advisory that discusses 74 vulnerabilities in their Disc Array products.

Hitachi Advisory #2 - Hitachi published an advisory that discusses three Unauthorized update vulnerabilities in multiple Hitachi products.

 

For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-517 - subscription required.

Review – Public ICS Disclosures – Week of 10-14-23 – Part 1

This week we have 18 vendor disclosures from Advantech, Aruba Networks, Bosch, Broadcom (3), Cisco (2), Eaton (2), Festo, GE Gas Power, Helmholz, HP (2), HPE, JTEKT, and mb Connect.

Advisories

Advantech Advisory - Advantech published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their R-SeeNet v2 products

Aruba Advisory - Aruba published an advisory that describes an information disclosure vulnerability in their AirWave Management Platform’s web-based management interface.

Bosch Advisory - Bosch published an advisory that describes ‘several vulnerabilities’ in their ctrlX WR21 HMI.

Broadcom Advisory #1 - Broadcom published an advisory that discusses the SOCKS5 heap buffer overflow vulnerability.

Broadcom Advisory #2 - Broadcom published an advisory that discusses an insufficient control flow management vulnerability in their Brocade Extension Switches.

Broadcom Advisory #3 - Broadcom published an advisory that discusses the HTTP2 Rapid Reset vulnerability.

Cisco Advisory #1 - Cisco published an advisory that discusses the SOCKS5 heap buffer overflow vulnerability.

Cisco Advisory #2 - Cisco published an advisory that discusses the HTTP2 Rapid Reset vulnerability.

Eaton Advisory #1 - Eaton published an advisory that describes a weak encoding of passwords vulnerability in their easyE4 product.

Eaton Advisory #2 - Eaton published an advisory that describes a plaintext storage of password vulnerability in their easySoft software.

Festo Advisory - CERT-VDE published an advisory that discusses a path traversal vulnerability in their TP 260 and MES PC products.

GE Gas Power Advisory - GE Gas Power published an advisory that discusses eight vulnerabilities in their NetworkST4, Remote Operations Offering, and M&D Lockbox products.

Helmholz Advisory - CERT-VDE published an advisory that discusses an improper privilege management vulnerability in the Helmholz REX24 products.

HP Advisory #1 - HP published an advisory that describes a privilege escalation vulnerability in multiple products.

HP Advisory #2 - HP published an advisory that discusses 83 vulnerabilities in their HP Device Manager product.

HPE Advisory - HPE published an advisory that describes a denial of service vulnerability in their Integrated Lights-Out product.

JTEKT Advisory - JTEKT published an advisory that describes two vulnerabilities in their OnSinView2 product.

MB Connect Advisory - MB Connect published an advisory that describes an improper privilege management vulnerability in their mymbCONNECT24 and mbCONNECT24 software.

 

For more details about these disclosures, including links to researcher reports and 3^rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-f0f - subscription required.

Review – Public ICS Disclosures – Week of 9-16-23

This week we have 15 vendor disclosures from Fauscher, GE Gas Power, HPE (4), Ingeteam, Mitsubishi, Phoenix Contact, QNAP (3), Schweitzer Engineering Labs (2), and Zyxel. There are five vendor updates for products from Broadcom (2) and Palo Alto Networks (3). There are also two researcher reports for products from Atos and Royal Aps. Finally, we have an exploit for products from Ivanti.

Advisories

Frauscher Advisory – CERT-VDE published an advisory that describes three vulnerabilities in their FDS101 for FAdC/FAdCi product.

GE Advisory - GE published an advisory that discusses seven vulnerabilities in the Nozomi Guardian/CMC.

HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities in their NonStop Products.

HPE Advisory #2 - HPE published an advisory that describes four incomplete cleanup vulnerabilities in their NonStop Products.

HPE Advisory #3 - HPE published an advisory that discusses two improper initialization vulnerabilities in their ProLiant AMD XL Servers.

HPE Advisory #4 - HPE published an advisory that discusses two improper initialization vulnerabilities in their ProLiant AMD DL Servers.

Ingeteam Advisory - Incibe-CERT published an advisory that describes three input validation vulnerabilities in the Ingeteam INGEPAC DA3451 and INGEPAC FC5066.

Mitsubishi Advisory - Mitsubishi published an advisory that describes an incorrect default permissions vulnerability in their FA Engineering Software products.

QNAP Advisory #1 - QNAP published an advisory that describes a classic buffer overflow vulnerability in their Multimedia Console products.

QNAP Advisory #2 - QNAP published an advisory that describes a classic buffer overflow vulnerability in their legacy versions of QTS products.

QNAP Advisory #3 - QNAP published an advisory that discusses three vulnerabilities in their QTS, QuTS hero, and QuTScloud.

SEL Advisory #1 - SEL published an advisory that reports vulnerabilities in their Protocol Services.

SEL Advisory #2 - SEL published an advisory that reports vulnerabilities in their Blueframe OS.

Zyxel Advisory - Zyxel published an advisory that discusses the report of a 2017 vulnerability in their EMG2926-Q10A product being listed on  CISA Known Exploited Vulnerabilities (KEV) catalog.

Updates

Broadcom Update #1 - Broadcom published an update for their Apache HTTP Server advisory that was originally published on August 1^st, 2023.

Broadcom Update #2 - Broadcom published an update for their HTTP Server advisory that was originally published on August 1^st, 2023.

Palo Alto Networks Update #1 - Palo Alto Networks published an update for their TunnelCrack vulnerabilities advisory that was originally published on August 16^th, 2023 and most recently updated on August 21^st.

Palo Alto Networks Update #2 - Palo Alto Networks published an update for their Cortex XDR Agent advisory that was published on September 9^th.

Palo Alto Networks Update #3 - Palo Alto Networks published an update for their BGP Software advisory that was published on September 13^th, 2023.

Reports

Atos Report - SEC Consult published a report describing two vulnerabilities in the Atos Unify OpenScape. The report includes proof-of-concept code.

Royal Aps Report - Zero Science published a report that describes a heap memory corruption vulnerability in the Royal Apps RoyalTSX remote access tool.

Exploit

Ivanti Exploit - Ege Balci published a Metasploit module for an out-of-bounds write vulnerability in the Ivanti Avalanche MDM.

 

For more details about these disclosures, including links to 3^rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-53a - subscription required.

Review – Public ICS Disclosures – Week of 8-12-23

This week we have 17 vendor disclosures from Aruba Networks, Broadcom, CODESYS, FortiGuard, GE Gas Power, Helmholz, HPE (2), Inductive Automation, Moxa (2), Palo Alto Networks, Red Lion, Rockwell, Ruckus Wireless, Wibu, and Zyxel.

Advisories

Aruba Advisory - Aruba published an advisory that describes two vulnerabilities in their Virtual Intranet Access (VIA) Windows Client.

Broadcom Advisory - Broadcom published an advisory that discusses a type confusion vulnerability in their Brocade Fabric OS product.

CODESYS Advisory - CODESYS published an advisory that discusses a heap-based buffer overflow vulnerability in multiple products.

FortiGuard Advisory - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in their FortiOS product.

GE Gas Power - GE published an advisory that discusses a heap-based buffer overflow vulnerability in their CIMPLICITY product.

Helmholz Advisory - CERT-VDE published an advisory that discusses a cross-site scripting vulnerability in their REX 200 and REX 250 products.

HPE Advisory #1 - HPE published an advisory that discusses 13 vulnerabilities in their HP-UX Web Server Suite Software.

HPE Advisory #2 - HPE published an advisory that discusses two vulnerabilities in their SimpliVity Servers.

Inductive Automation Advisory - Inductive Automation published an advisory that describes six vulnerabilities in their Ignition product.

Moxa Advisory #1 - Moxa published an advisory that describes a use of hard-coded credentials vulnerability in their NPort IAW5000A-I/O Series.

Moxa Advisory #2 - Moxa published an advisory that describes eight vulnerabilities in their TN-5900 and TN-4900 Series Web Server.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses the TunnelCrack vulnerabilities.

Red Lion Europe Advisory - CERT-VDE published an advisory that descries a cross-site scripting vulnerability in the Red Lion mbNET and mbNET/.rokey.

Rockwell Advisory - Rockwell published an advisory that describes three improper input validation vulnerabilities in their ThinManager ThinServer product.

Ruckus Advisory - Ruckus published an advisory that describes three cross-site scripting vulnerabilities in their ICX product line.

Wibu Advisory - Wibu published an advisory that describes a heap-based buffer overflow vulnerability in their CodeMeter Runtime product.

Zyxel Advisory #1 - Zyxel published an advisory that describes an improper handling of exceptions vulnerability in their XGS2220, XMG1930, and XS1930 series switches.

Zyxel Advisory #2 - Zyxel published an advisory that describes an OS command injection vulnerability in their NBG6604 home router.

 

For more information about the disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-810 - subscription required.

Review – Public ICS Disclosures – Week of 7-29-23 – Part 1 -

This week in Part 1 we have 80 vendor advisories from Aruba Networks, BD, Broadcom (45), CODESYS (5), Fujitsu, GE Gas Power, HP, HPE, Omron (3), Schweitzer Engineering Laboratory, Setelsa Security, Splunk, Tanzu (16), WAGO (2), and VMware.

For Part 2 I will look at vendor updates and researcher reports.

Advisories

Aruba Advisory - Aruba published an advisory that describes a command injection vulnerability in their CX Switches.

BD Advisory - BD published an advisory that discusses an incorrect authorization vulnerability in multiple products.

Broadcom Advisories - Broadcom published 45 advisories for third-party vulnerabilities in a variety of their products.

CODESYS Advisory #1 - CODESYS published an advisory that describes an improper restriction of excessive authentication attempts vulnerability in their Development System product.

CODESYS Advisory #2 - CODESYS published an advisory that describes an insufficient verification of data authenticity vulnerability in their Development System product.

CODESYS Advisory #3 - CODESYS published an advisory that describes an uncontrolled search path vulnerability in their Development System product.

CODESYS Advisory #4 - CODESYS published an advisory that describes 15 vulnerabilities in their Control V3 runtime systems products.

CODESYS Advisory #5 - CODESYS published an advisory that describes two vulnerabilities in their Control V3 runtime system products.

Fujitsu Advisory - Fujitsu published an advisory that describes an improper credential storage vulnerability in their Software Infrastructure Manager product.

GE Advisory - GE published an advisory that discusses a FortiOS stack-based buffer overflow vulnerability.

HP Advisory - HP published an advisory that describes an elevation of privilege vulnerability in some HP and Samsung Printer software packages.

HPE Advisory - HPE published an advisory that discusses 48 vulnerabilities in their Fibre Channel and SAN Switches.

Omron Advisory #1 - Omron published an advisory that describes three vulnerabilities in their CX-Programmer product.

Omron Advisory #2 - Omron published an advisory that describes an improper validation of specified type of input vulnerability in their CJ Series CJ2 CPU units.

Omron Advisory #3 - Omron published an advisory that discusses the INFRA:HALT vulnerabilities in their Multi-function Compact Inverter 3G3MX2.

SEL Advisory - SEL published an advisory that announces that a new version of their Synchrowave Linux Platform is available to fix an undescribed vulnerability by closing Port 10250 on k3s.

Setelsa Advisory - Incibe-CERT published an advisory that describes an SQL injection vulnerability in the Setelsa ConacWin access control platform.

Splunk Advisory - Splunk published an advisory that describes a log injection vulnerability in their SOAR product.

Tanzu Advisories - Tanzu published 16 advisories, each with multiple vulnerabilities in various products.

WAGO Advisory #1 - VDE-CERT published an advisory that discusses an authentication bypass by capture replay vulnerability in the WAGO 758-918 ETHERNET Gateways.

WAGO Advisory #2 - VDE-CERT published an advisory that discusses 15 vulnerabilities in multiple WAGO products.

VMware Advisory - VMware published an advisory that describes two vulnerabilities in their Horizon Server.

 

For more details on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-4fa - subscription required.

Review – Public ICS Disclosures – Week of 6-17-23

This week we have twelve vendor disclosures from FortiGuard (2), GE Gas Power, HP, HPE, Sick, Schweitzer Engineering Labs (2), Sierra Wireless, VMware, Western Digital, and Zyxel. There is also an update from GE Gas Power. We also have three researcher reports for products from Dell and an update of the OT:ICEFALL report. Finally, we have an exploit for the HiSECOS from Belden.

Advisories

FortiGuard Advisory #1 - FortiGuard published an advisory that describes a deserialization of untrusted data vulnerability in their FortiNAC.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes a command injection vulnerability in their FortiNAC product

GE Gas Power Advisory - GE published an advisory that discusses five vulnerabilities in their Proficy Historian product.

HP Advisory - HP published an advisory that discusses a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in their PC products using AMI UEFI Firmware.

HPE Advisory - HPE published an advisory that discusses a remote code execution vulnerability in their IceWall product modules.

Sick Advisory - Sick published an advisory that describes vulnerabilities in their SICK EventCam App.

SEL Advisory #1 - SEL announced that a new version of their SEL-5037 SEL Grid Configurator is available that mitigates undescribed cybersecurity vulnerabilities.

SEL Advisory #2 - SEL announced that a new version of their SEL-5030 acSELerator QuickSet Software is available that mitigates undescribed cybersecurity vulnerabilities.

Sierra Wireless Advisory - Sierra Wireless published an advisory that provides additional guidance on a previously disclosed improper authentication vulnerability for their routers using the AirLink Management Service (ALMS).

VMware Advisory - VMware published an advisory that describes five vulnerabilities in their vCenter Server and Cloud Foundation products.

Western Digital Advisory - Western Digital published an advisory that describes two command injection vulnerabilities in their My Cloud OS 5 Firmware.

Zyxel Advisory - Zyxel published an advisory that describes a command injection vulnerability in the NAS products. This vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog.

Updates

GE Gas Power Update - GE published an update for their Proficy Historian that was originally published on February 3^rd, 2023.

Researcher Reports

Dell Reports - Binarly published three reports describing individual vulnerabilities in the Dell Edge Gateway BIOS.

OT:ICEFALL Report - Forescout published an update of their OT:ICEFALL report.

Exploits

Belden Exploit - Dreizehnutters published an exploit for a privilege escalation vulnerability in Belden’s HiSecOS Web Server.

 

For more details on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-7c8 - subscription required.

Review – Public ICS Disclosures – Week of 6-3-23

This week we have 10 vendor disclosures from Broadcom, Fuji Electric, GE Gas Power, Johnson Controls, Moxa, Philips, VMware, WolfSSL, and Zyxel (2). We also have a vendor update from HPE. There are 17 researcher reports for products from Suprema (4), Control ID (5), and Connected IO (8). Finally, we have 2 exploits for products from Zyxel and Delta Electronics.

Advisories

Broadcom Advisory - Broadcom published an advisory that discusses an SQL injection vulnerability in multiple products.

Fuji Advisory - JP-CERT published an advisory that describes the eight vulnerabilities in multiple Fuji server products.

GE Advisory - GE published an advisory that discusses four vulnerabilities in their Control Server Virtual HMIs and ThickClient HMIs.

Moxa Advisory - Moxa published an advisory that describes a weak cryptographic algorithm vulnerability in the CN2600 Series terminal servers

Philips Advisory - Philips published an advisory that discusses the MoveIT SQL injection vulnerability.

VMware Advisory - VMware published an advisory that describes three vulnerabilities in their VMware Aria Operations for Networks product.

WolfSSL Advisory - WolfSSL published a change log for a new version of their SSL product that reports two vulnerabilities in the previous version that are being fixed in the new release.

Zyxel Advisory #1 - Zyxel published an advisory that describes a buffer overflow vulnerability in their 4G LTE and 5G NR outdoor routers.

Zyxel Advisory #2 - Zyxel published an advisory that describes a privilege escalation vulnerability in their GS1900 series switches.

Updates

HPE Update - HPE published an update for their Aruba OpenSSL advisory that was originally published on February 15^th, 2023 and most recently updated on May 22^nd, 2023.

Researcher Reports

Suprmema Reports - Claroty published four reports about individual vulnerabilities in the Suprema BioStar security platform.

Control ID Reports - Claroty published five reports about individual vulnerabilities in the Control ID iDSecure product.

Connected IO Reports #1-4 - Claroty published four reports about individual vulnerabilities in the Control IO ER2000 edge router.

Connected IO Reports #5-8 - Claroty published four reports about individual vulnerabilities in the Control IO IDSecure product.

Exploits

Zyxel Exploit - Sf published a Metasploit module for a command injection vulnerability in the Zyxel firewalls.

Delta Exploit - Shelby Pace published a Metasploit module for a deserialization of untrusted data vulnerability in the Delta InfraSuite Device Master.

 

For more details about these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-f21 - subscription required.

Review – Public ICS Disclosures – Week of 4-22-23

This week we have eighteen vendor disclosures from BD, Belden (2), Bosch (2), GE Gas Power (2), Genetec, Hitachi Energy (4), HPE, Mitsubishi, Moxa, Omron, Schneider, and VMware. There are two vendor updates from HPE, and Mitsubishi. Finally, we have an FDA report on the Illumina vulnerabilities.

Advisories

BD Advisory - BD published an advisory that describes a credential sharing incident that could affect their BD Kiestra product.

Belden Advisory #1 - Belden published an advisory that discusses an integer overflow or wraparound vulnerability in their HiSecOS and Cellular Router products.

Belden Advisory #2 - Belden published an advisory that discusses two vulnerabilities in their Hirschmann product line.

Bosch Advisory #1 - Bosch published an advisory that describes an incorrect authorization vulnerability in their B420 Ethernet communication module.

Bosch Advisory #2 - Bosch published an advisory that discusses a use of obsolete function vulnerability in their SLC-0-GPNT00300 interface module.

GE Gas Power Advisory #1 - GE published an advisory that discusses a path traversal vulnerability in multiple products.

GE Gas Power Advisory #2 - GE published an advisory that discusses a buffer underflow vulnerability in multiple products.

Genetec Advisory - Genetec published an advisory that discusses three vulnerabilities in the Security Center product.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses eight vulnerabilities in their Modular Switchgear Monitoring product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses four vulnerabilities in their RTU500 series product.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses two vulnerabilities in their RTU500 series product.

Hitachi Energy Advisory #4 - Hitachi Energy published an advisory that discusses two vulnerabilities in their AFS65x, AFS67x, AFR67x and AFF66x series Products.

HPE Advisory - HPE published an advisory that describes an arbitrary code execution vulnerability in their ProLiant RL300 Gen11 Server.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses nine vulnerabilities in their FA product line.

Moxa Advisory - Moxa published an advisory that discusses two Trusted Computing Group TPM2.0 implementation vulnerabilities.

Omron Advisory - Omron published an advisory that describes a heap-based buffer overflow vulnerability in their CX-drive support tool.

Schneider Advisory - Schneider published an advisory that discusses a recently published exploit for vulnerabilities in their KNX building automation systems.

VMware Advisory - VMware published an advisory that describes four vulnerabilities in their Workstation and Fusion products.

Updates

HPE Update - HPE published an update for their IceWall advisory that was originally published on March 9^th, 2018 and most recently updated on January 27^th, 2023.

Mitsubishi Update - Mitsubishi published an update for their Ethernet port of MELSEC and MELIPC Series advisory that was originally published on November 30^th, 2021 and most recently updated on November 24^th, 2022.

Reports

Illumina Report - The Federal Drug Administration (FDA) published a letter to healthcare providers on the Illumina vulnerabilities reported this week by CISA.

 

For more details on these disclosures, including links to 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-b33 - subscription required.

Review – Public ICS Disclosure – Week of 4-1-23

This week we have six vendor disclosures from ABB, Belden, GE Gas Power, Palo Alto Networks, Ruckus Wireless, and Yokogawa. We also have four vendor updates for products from Aruba Networks and CODESYS (3).

Advisories

ABB Advisory - ABB published an advisory that describes an insecure storage of sensitive information in their My Control System (on-premise).

Belden Advisory - Belden published an advisory that describes a privilege escalation vulnerability in their Hirschmann Industrial HiVision product.

GE Advisory – GE Gas Power published an advisory that discusses a path traversal vulnerability in multiple products. This is a third-party (Fortinet) vulnerability.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses the DLL side loading vulnerability utilized by the Rorschach ransomware.

Ruckus Advisory - Ruckus published an advisory that discusses the  Framing Frames vulnerability.

Yokogawa Advisory - Yokogawa published an advisory that describes an elevation of privilege vulnerability in their CENTUM Authentication Mode.

Updates

Aruba Update - Aruba published an update for their Framing Frames advisory that was originally published on March 30^th, 2023.

CODESYS Update #1 - CODESYS published an update for their runtime system V3 communication server advisory that provides additional information that was originally published on February 23^rd, 2023 and most recently updated on March 8^th, 2023.

CODESYS Update #2 - CODESYS published an update that provides additional information for their Control V3 advisory that was originally published on February 23^rd, 2023 and most recently updated on March 8^th, 2023.

CODESYS Update #3 - CODESYS published an update that provides additional information for their Control V3 file access advisory that was originally published on February 23^rd, 2023 and most recently updated on March 8^th, 2023.

Reports

AMD Reports - Binarily published three reports about vulnerabilities in the SMM Driver On AMD-Based Gigabyte Devices.

 

For more details on these disclosures, including links to 3rd party advisories and a brief description of changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-4-1 - subscription required.

Review – Public ICS Disclosures – Week of 2-11-23 – Part 1

While the Saturday after the 2^nd Tuesday is typically a heavy day for reporting control system security advisories, this particular Saturday is the worst that I have seen. To be able to get through all of the reporting I am going to have to resort to bulk listing of advisories for some vendors instead of my normal digest. I hope this will still be helpful.

This week we have 125 vendor disclosures from B&R (2), FortiGuard (40), Fujitsu, GE Gas Power, Hitachi Energy (12), HP (2), HPE (50), Insyde (12), Moxa, Phoenix Contact, Splunk (2), and WAGO.

In Part 2 I will look at this week’s Schneider and Siemens advisories that were published on Tuesday as well as two exploits that were published this week.

Vendor Advisories

B&R Advisory #1 - B&R published an advisory that describes a cross-site scripting vulnerability in their Automation Runtime product.

B&R Advisory #2 - B&R published an advisory that discusses 22 vulnerabilities in their APC, PPC, and MPC product lines.

FortiGuard Advisories - FortiGuard published 40 advisories for multiple vulnerabilities in multiple products.

Fujitsu Advisory - Fujitsu published an advisory that discusses 12 vulnerabilities in multiple Fujitsu products.

GE Advisory - GE Gas Power published an advisory that discusses an out-of-bounds write vulnerability in their NetworkST4 and M&D Lockbox products.

Hitachi Advisory #1 - Hitachi Energy published an advisory that discusses two vulnerabilities in their Gateway Station (GWS) Product.

Hitachi Advisory #2 - Hitachi published an advisory that discusses four improper input validation vulnerabilities in their Gateway Station (GWS) product.

Hitachi Advisories #3-12 - Hitachi Energy published ten advisories that describe an IEC 61850 MMS-Server vulnerability in multiple Hitachi product lines.

HP Advisory #1 - HP published an advisory that discusses an out-of-bounds read vulnerability in multiple product lines.

HP Advisory #2 - HP published an advisory that discusses five vulnerabilities in multiple product lines.

HPE Advisories - HPE published 50 advisories for multiple vulnerabilities in multiple product lines. Most of the reported vulnerabilities are third-party vulnerabilities.

Insyde Advisories - Insyde published 12 advisories for separate vulnerabilities in various libraries and services provided by Insyde.

Moxa Advisory - Moxa published an advisory that discusses a DNS cache poisoning vulnerability in the uClibc-ng libraries.

Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses 64 vulnerabilities in their PLCnext Firmware.

Splunk Advisory #1 - Splunk published an advisory that discusses the Text4Shell vulnerability.

Splunk Advisory #2 - Splunk published an advisory that discusses nine vulnerabilities in the their Enterprise Package.

WAGO Advisory - CERT VDE published an advisory that describes a hidden functionality vulnerability in the WAGO Unmanaged Switch.

 

For more details on these disclosures, including list of affected products, links to researcher reports, 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-47f - subscription required.

Review – Public ICS Disclosures – Week of 11-5-22 – Part 1 -

This is a busy Saturday after the 2^nd Tuesday. For Part 1 this week we have five OpenSSL 3.0 vendor disclosures from Carrier, Draeger, Eurotech, Palo Alto Networks, and QNAP.  There are 23 other vendor disclosures from Aiphone, Belden, Broadcom (9), Carrier, Fujitsu, GE Gas Power, HP, and HPE (8).

OpenSSL 3.0 Disclosures

Carrier published an OpenSSL 3.0 advisory. Carrier reports that no products are affected.

Draeger published an OpenSSL 3.0 advisory. Draeger reports that their medical devices are not affected.

Eurotech published an OpenSSL 3.0 advisory. Eurotech reports that none of their products are affected.

Palo Alto Networks updated their OpenSSL 3.0 advisory. They report that none of their products are affected.

QNAP published an OpenSSL 3.0 advisory. QNAP reports that their products are not affected.

Other Vendor Disclosures

Aiphone Advisory - Aiphone published an advisory that describes an information disclosure vulnerability in their GT Entrance Station product.

Belden Advisory - Belden published an advisory that discusses two unauthorized access vulnerabilities in their Provise and Hirschmann network management products.

Broadcom Advisory #1 - Broadcom published an advisory that discusses an off-by-one error vulnerability in their Brocade SANnav.

Broadcom Advisory #2 - Broadcom published an advisory that discusses an infinite loop vulnerability in undisclosed products (probably Brocade SANnav).

Broadcom Advisory #3 - Broadcom published an advisory that discusses an out-of-bounds write in their Brocade SANnav product.

Broadcom Advisory #4 - Broadcom published an advisory that describes an improper storage of sensitive information vulnerability in their Brocade SANnav product.

Broadcom Advisory #5 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.

Broadcom Advisory #6 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.

Broadcom Advisory #7 - Broadcom published an advisory that describes weak key exchange vulnerability in their Brocade SANnav product.

Broadcom Advisory #8 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.

Broadcom Advisory #9 - Broadcom published an advisory that describes a remote code execution vulnerability in their Brocade Fabric OS.

Carrier Advisory - Carrier published an advisory that discusses the Text4Shell vulnerability.

Fujitsu Advisory - Fujitsu published an advisory that discusses eight vulnerabilities in a variety of Fujitsu products.

GE Advisory - GE Gas Power published an advisory that discusses “Malware Persistence in VMWare ESXi Hypervisor”.

HP Advisory - HP published an advisory that describes a privilege escalation vulnerability in the BIOS for a number of HP products.

HPE Advisory #1 - HPE published an advisory that discusses an authentication bypass vulnerability in their B-series SAN Switches.

HPE Advisory #2 - HPE published an advisory that discusses five vulnerabilities in their B-Series SANnav Management Portal.

HPE Advisory #3 - HPE published an advisory that discusses an improper input validation vulnerability in their Synergy Servers.

HPE Advisory #4 - HPE published an advisory that discusses two vulnerabilities in their ProLiant Moonshot Servers.

HPE Advisory #5 - HPE published an advisory that discusses six vulnerabilities in their ProLiant DL/ML Servers.

HPE Advisory #6 - HPE published an advisory that discusses two vulnerabilities in their ProLiant BL/DL/ML Servers.

HPE Advisory #7 - HPE published an advisory that discusses an improper input validation vulnerability in their Apollo Servers.

HPE Advisory #8 - HPE published an advisory that discusses an improper input validation vulnerability in their StoreEasy Servers.

 

For more details about these advisories, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-b51 - subscription required.

Review – Public ICS Disclosures – Week of 8-20-22

This week we have five vendor disclosures from ABB, GE Gas Power (2), HP, and VMware. There is a vendor updates from Dell. Finally, there is a researcher report for products from Omron.

ABB Advisory - ABB published an advisory that discusses a an improper restriction of operations within the bounds of a memory buffer vulnerability in their ARM600 M2M Gateway.

GE Advisory #1 - GE published an advisory that describes an HTTP request/response splitting vulnerability in their Workstation ST products.

GE Advisory #2 - GE published an advisory that describes a cross-site scripting vulnerability in their Workstation ST products.

HP Advisory - HP published an advisory that describes a denial-of-service vulnerability in their HP PageWide Pro printers.

VMware Advisory - VMware published an advisory that describes a privilege escalation vulnerability in their VMware Tools product.

NOTE: This is being reported as a third-party vulnerability on some Linux distributions by OpenWall and Debian. This may show up as a third-party vulnerability in other products.

Dell Update - Dell published an update for their Log4Shell advisory.

Omron Report - The Zero Day Initiative published a report describing a use-after-free vulnerability in the Omron CS-One CX Programmer module.

 

For more details about these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-9dc - subscription required.

Review – Public ICS Disclosures – Week of 3-26-22 – Part 1

Another busy week. This week, for Part 1 we have fifteen vendor disclosures from Bosch, Braun, Broadcom (2), Carrier, GE Gas Power, Hitachi, Hitachi Energy, HPE, Mitsubishi, Palo Alto Networks (2), Philips (2), and Phoenix Contact.

Bosch Advisory - Bosch published an advisory describing two stack-based buffer overflows in the recovery image process in their CPP Firmware.

Braun Advisory - Braun published an advisory discussing the PaloAlto Networks report on infusion pump vulnerabilities.

Broadcom Advisory #1 - Broadcom published an advisory discussing the 23 reported vulnerabilities in Insyde's H2O UEFI firmware.

Broadcom Advisory #2 - Broadcom published an advisory describing an inadequate cryptographic key implementation vulnerability in their Brocade Fabric OS (FOS) for older generation platforms.

Carrier Advisory - Carrier published an advisory discussing the LAPSUS$ attack on Octa.

GE Advisory - GE published an advisory discussing the SpringShell vulnerabilities.

Hitachi Advisory - Hitachi published an advisory discussing 31 vulnerabilities in their Disk Array products.

Hitachi Energy Advisory - Hitachi Energy published an advisory discussing the Spring4Shell vulnerabilities.

HPE Advisory - HPE published an advisory describing four vulnerabilities in the HPE OneView product.

Mitsubishi Advisory - Mitsubishi published an advisory discussing the Log4Shell vulnerabilities in their CC-Link IE TSN Configurator.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory discussing an infinite loop vulnerability in their PAN-OS products.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory discussing the Spring4Shell vulnerabilities.

Philips Advisory #1 - Philips published an advisory discussing six vulnerabilities in their IntelliVue XDS and VuePACS products.

Philips Advisory #2 - Philips published an advisory discussing an authentication bypass by spoofing vulnerability.

Phoenix Contact Advisory - Phoenix Contact published and advisory discussing 15 vulnerabilities (2 with known exploits) in their PROFINET SDK.

 

For more information on these disclosures, including links to researcher reports, 3^rd-party vendor advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-113 - subscription required.

Review – Public ICS Disclosures – Week of 3-5-22 – Part 1

It has been a busy week, even without the 2^nd Tuesday disclosures. This will be a three-part report. This week we have thirteen vendor disclosures from Boston Scientific, Broadcom, Carestream, WAGO, Draeger, Eaton (4), GE Gas Power, Genetec, Hitachi Energy, and Johnson Controls.

Boston Scientific Advisory - Boston Scientific published an advisory discussing the Access:7 vulnerabilities.

Broadcom Advisory - Broadcom published an advisory discussing the DirtyPipe vulnerability.

Carestream Advisory - Carestream published an advisory discussing the Access:7 vulnerabilities.

Ecava Advisory - Incibe CERT published an advisory discussing eight vulnerabilities in the Ecava IntegraXor.

WAGO Advisory - VDE CERT published an advisory describing a cross-site scripting vulnerability in various WAGO PLCs.

Draeger Advisory - Draeger published an advisory discussing the PwnKit vulnerability.

Eaton Advisory #1 - Eaton published an advisory describing a cross-site scripting vulnerability in their Intelligent Power Manager.

Eaton Advisory #2 - Eaton published an advisory describing a cross-site scripting vulnerability in their Intelligent Power Manager.

Eaton Advisory #3 - Eaton published an advisory describing a cross-site scripting vulnerability int heir Intelligent Power Manager.

Eaton Advisory #4 - Eaton published an advisory describing a cross-site scripting vulnerability int heir Intelligent Power Manager.

GE Gas Power Advisory - GE Gas Power published an advisory discussing the Russia-Ukraine situation.

Genetec Advisory - Genetec published an advisory describing a privilege escalation vulnerability in the Authentication Service role in their Security Center product.

Hitachi Energy Advisory - Hitachi Energy published an advisory describing seven vulnerabilities (two with published exploits) in their RelCare product.

Johnsons Controls Advisory - Johnson Controls published an advisory discussing a deserialization of untrusted data vulnerability in their DSC PowerManage product.

 

For more details on these disclosures, including links to 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3 - subscription required.

Review - Public ICS Disclosures – Week of 2-19-22

This week we have twelve vendor disclosures from Aruba, GE Gas Power (2), Hitachi, Insyde (3), HPE, PulseSecure, QNAP, Siemens, and VMware. We have five vendor updates from Aruba, Dell, HPE, Johnson Controls, and Milestone. We also have 19 researcher reports for products from WECON (15), Fuji Electric (3), and Industrial Control Links (ICL). Finally we have three exploits reported for products from ICL and WebHMI (2).

Aruba Advisory - Aruba published an advisory describing 16 vulnerabilities in their AOS-CX Switches. Some of these are third-party vulnerabilities.

GE Gas Power Advisory #1 - GE published an advisory discussing the GE CIMPLICITY vulnerabilities reported earlier this week.

GE Gas Power Advisory #2 - GE published an advisory discussing the Blackberry QNX Neutrino Kernel vulnerability.

Hitachi Advisory - Hitachi published an advisory discussing 20 recently reported Microsoft vulnerabilities affecting their Hitachi Disk Array Systems.

Insyde Advisory #1 - Insyde published an advisory describing a privilege escalation vulnerability in their SysPasswordDxe driver.

Insyde Advisory #2 - Insyde published an advisory describing a buffer overflow vulnerability in their VariableEditSmm driver.

Insyde Advisoyr #3 - Insyde published an advisory describing a plain-text storage of sensitive information vulnerability in their HddPasswordPei driver.

HPE Advisory #1 - HPE published an advisory describing two vulnerabilities in their OneView Global Dashboard.

PulseSecure Advisory - PulseSecure published an advisory describing an integer overflow or wrap around vulnerability in multiple product lines.

QNAP Advisory - QNAP published an advisory describing two cross-site scripting vulnerabilities in their NAS running Proxy Server.

Siemens Advisory - Siemens published an advisory discussing 23 vulnerabilities in their Industrial Products.

VMware Advisory - VMware published an advisory describing a cross-site scripting vulnerability in their Workspace ONE Boxer.

Aruba Update - Aruba published an update for their PwnKit advisory that was originally published on February 1^st, 2022.

Dell Update - Dell published an update for their generic Log4Shell  advisory.

HPE Update - HPE published an update for their PwnKit advisory that was originally published on February 1^st 2022.

Johnson Controls Update - Johnson Controls published an update for their Log4Shell advisory.

Milestone Update - Milestone published an update for their Log4Shell advisory.

WECON Reports - The Zero Day Initiative published 15 reports of vulnerabilities in the WECON LeviStudioU.

Fuji Reports - ZDI published 3 reports of vulnerabilities in the Fuji Electric Alpha5 servo amplifiers.

ICL Report - Zero Science published a report describing a file write/overwrite and delete vulnerability in the ICL ScadaFlex II SCADA Controllers SC-1/SC-2.

ICL Exploit - LiquidWorm published an exploit for the ICL vulnerability reported above.

WebHMI Exploit #1 - Antonio Cuomo published an exploit for a remote code execution vulnerability in WebHMI version 4.1.1.

WebHMI Exploit #2 - Antonio Cuomo published an exploit for cross-site scripting vulnerability in WebHMI 4.1.

 

For more details about these disclosures, including links to 3rd party advisories, researcher reports, and exploits – see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-762 - subscription required.