Showing posts with label OFFIS. Show all posts

Wednesday, January 22, 2025

Review – Public ICS Disclosures – Week of 1-11-24 – Part 3

For Part 3 we have one additional advisory for products from Siemens. We also have 17 vendor updates from Siemens. There are two researcher reports for vulnerabilities in products from Offis. Finally, we have three exploits for products from ABB and Palo Alto Networks (2).

Advisories

Siemens Advisory - Siemens published an advisory that discusses an insertion of sensitive information into a log file vulnerability in their Siveillance Video Device Pack.

Updates

Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12th, 2023, and most recently updated on October 8th, 2024.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 advisory that was originally published on October 8th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #3 - Siemens published an update for their Siemens Engineering Platform advisory that was originally published on November 12th, 2024.

Siemens Update #4 - Siemens published an update for their Socket.IO advisory that was originally published on September 10th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on April 9th, 2024, and most recently updated on July 9th, 2024.

Siemens Update #6 - Siemens published an update for their BlastRadius.Fail advisory that was originally published on July 9th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #7 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023, and most recently updated on December 10th, 2025.

Siemens Update #8 - Siemens published an update for their SCALANCE W-700 advisory that was originally published on June 11th, 2024, and most recently updated on September 10th, 2024.

Siemens Update #9 - Siemens published an update for their SIMATIC SCADA and PCS 7 systems advisory that was originally published on September 10th, 2024, and most recently updated on November 12th, 2024.

Siemens Update #10 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020, and most recently updated on July 9th, 2024.

Siemens Update #11 - Siemens published an update for their S7-1500 CPU devices advisory that was originally published on January 10th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #12 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12th, 2022, and most recently updated on July 9th, 2024.

Siemens Update #13 - Siemens published an update for their SCALANCE products advisory that was originally published on December 13th, 2022, and most recently updated on October 10th, 2023.

Siemens Update #14 - Siemens published an update for their Mendix Runtime advisory that was originally published on September 10th, 2024, and most recently updated on December 12th, 2024.

Siemens Update #15 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023, and most recently updated on December 10th, 2024.

Siemens Update #16 - Siemens published an update for their Web Server of SIMATIC S7-1500 CPUs advisory that was originally published on October 8th, 2024, and most recently updated on November 12th, 2024.

Siemens Update #17 - Siemens published an update for their User Management Component advisory that was originally published on September 10th, 2024, and most recently updated on November 12th, 2024.

Researcher Reports

Offis Report #1 - Cisco Talos published a report that describes an improper restriction of operations within the bounds of a memory buffer in the Offis DCMTK DICOM library.

Offis Report #2 - Cisco Talos published a report that describes an improper restriction of operations within the bounds of a memory buffer in the Offis DCMTK DICOM library.

Exploits

ABB Exploit - Cyber Danube published an exploit for two vulnerabilities in the ABB AC500v3.

Palo Alto Networks Exploit #1 - An unidentified researcher published an exploit for an improper check for unusual or exceptional conditions vulnerability (reported in the CISA Known Exploited Vulnerabilities catalog) in the Palo Alto Networks PanOS product.

Palo Alto Networks Exploit #2 - SSD published an advisory for an OS command injection vulnerability in the Palo Alto Networks Expedition Migration Tool.

 

For more information on these disclosures, including links to 3rd party advisories and researcher reports, in addition to brief summaries of changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-e6f - subscription required.

Saturday, April 27, 2024

Review – Public ICS Disclosures – Week of 4-20-24 – Part 2

For Part 2 we have nine additional vendor disclosures from Panasonic, QNAP (6), WatchGuard, and Welotec. We also have eight vendor updates from Broadcom (6), Mitsubishi, and Palo Alto Networks. There are four researcher reports for products from Mathieu Malaterre (3) and Offis. Finally, we have three exploits for products from FortiGuard and Palo Alto Networks (2).

Advisories

Panasonic Advisory - Panasonic published an advisory that describes an improper restriction of operations within the bounds of a memory buffer.

QNAP Advisory #1 - QNAP published an advisory that describes four vulnerabilities in their QTS and QuTS hero products.

QNAP Advisory #2 - QNAP published an advisory that discusses four vulnerabilities in their utility Proxy Server.

QNAP Advisory #3 - QNAP published an advisory that describes two vulnerabilities in their QuFirewall.

QNAP Advisory #4 - QNAP published an advisory that describes an integer overflow or wraparound vulnerability in their QTS, QuTS hero, and QuTScloud products.

QNAP Advisory #5 - QNAP published an advisory that describes an improper authentication vulnerability in their Media Streaming Add-on.

QNAP Advisory #6 - QNAP published an advisory that describes two path traversal vulnerabilities in their QTS, QuTS hero, and QuTScloud products.

WatchGuard Advisory - WatchGuard published an advisory that discusses the Diffie-Hellman Key Agreement Protocol Weaknesses.

Welotec Advisory - CERT-VDE published an advisory that describes an improper restriction of rendered UI layers or frames vulnerability in their SMART EMS and VPN Security Suite products.

Updates

Broadcom Update #1 - Broadcom published an update for their EZServer module advisory that was originally published on November 8th, 2022.

Broadcom Update #2 - Broadcom published an update for their Identical SSH keys advisory that was originally published on April 10th, 2024.

Broadcom Update #3 - Broadcom published an update for their Hardcoded TLS keys advisory that was originally published on April 11th, 2024.

Broadcom Update #4 - Broadcom published an update for their SANnav OVA advisory that was originally published on April 11th, 2024.

Broadcom Update #5 - Broadcom published an update for their Insecure file permission advisory that was originally published on April 11th, 2024.

Broadcom Update #6 - Broadcom published an update for their Docker instances advisory that was originally published on April 11th, 2024.

Mitsubishi Update - Mitsubishi published an update for their Microsoft Message Queuing advisory that was originally published on February 20th, 2024.

Palo Alto Networks Update - Palo Alto Networks published an update for their Arbitrary File Creation advisory that was originally published on April 12th, 2024, and most recently updated on April 20th, 2024.

Reports

Offis Report - Cisco Talos published a report describing an incorrect type conversion or cast vulnerability in the Offis DCMTK, a collection of DICOM libraries.

Exploits

FortiGuard Exploit - Spencer McIntyre published a Metasploit module for an SQL injection vulnerability in the FortiClient EMS (this vulnerability is listed in CISA’s Known Exploited Vulnerabilities Catalog).

Palo Alto Networks Exploit #1 - Sfewer-r7 published a Metasploit module for a command injection vulnerability in the Palo Alto Networks PAN-OS (this vulnerability is listed in CISA’s KEV Catalog).

Palo Alto Networks Exploit #2 - Kr0ff published an exploit for a command injection vulnerability in the Palo Alto Networks PAN-OS (this vulnerability is listed in CISA’s KEV Catalog).

 

For more information about these disclosures, including links to 3rd party advisories and researcher reports, as well as summaries of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-6e6 - subscription required.

Thursday, June 23, 2022

Review – 6 Advisories Published – 6-23-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Elcomplus, Pyramid Solutions, Secheron, and Yokogawa (2). They also published a medical device control system security advisory for products from OFFIS.

NCCIC-ICS has now reported advisories for four of the ten vendors covered in the OT:ICEFALL report.

Elcomplus Advisory - This advisory describes three vulnerabilities in the Elcomplus SmartICS web-based HMI.

Pyramid Solutions Advisory - This advisory describes an out-of-bounds write vulnerability in the Pyramid Solutions EtherNet/IP Adapter Development Kit.

NOTE: Weidmueller is almost certainly not the only vendor that uses the affected development or DLL kits. This is sure to show up (eventually) as a third-party vulnerability in a number of products.

Secheron Advisory - This advisory describes seven vulnerabilities in the Secheron SEPCOS Control and Protection Relay.

NOTE: There is a vendor level of control over PLCs? From the description in the advisory, it sounds like admin level access. Could someone try to explain the difference?

Yokogawa Advisory #1 - This advisory describes a violation of secure design principles vulnerability in the Yokogawa Consolidation Alarm Management Software for Human Interface Station (CAMS for HIS) software.

NOTE: I briefly reported on this vulnerability on May 28th, 2022.

Yokogawa Advisory #2 - This advisory discusses OT:ICEFALL vulnerabilities in the Yokogawa STARDOM network control system.

NOTE: NCCIC-ICS still is not providing links to the OT:ICEFALL report or naming Forescout as the authoring agency.

OFFIS Advisory - This advisory describes three vulnerabilities in the OFFIS DCMTK libraries and software that process DICOM image files.

 

For more information on these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-6-23-22 - subscription required.

 