Showing posts with label OpenPLC. Show all posts

Thursday, December 11, 2025

Review – 12 Advisories Published – 12-11-25

Today CISA’s NCCIC-ICS published ten control system security advisories for products from OpenPLC, Siemens (6), AzeoTech, and Johnson Controls (2). They also published two medical device security advisories for products from Varex and Grassroots.

Siemens published an additional eight advisories on Tuesday that were not covered here by CISA. I will address those this weekend.

Advisories

OpenPLC Advisory - This advisory describes a cross-site scripting vulnerability in the OpenPLC_V3.

Gridscale Advisory - This advisory describes two vulnerabilities in the Siemens Gridscale X Prepay energy management product.

Energy Services Advisory - This advisory discusses an authentication bypass using an alternate path or channel vulnerability in the Siemens Energy Services product.

Building X Advisory - This advisory describes an improper verification of cryptographic signature vulnerability in the Siemens Building X - Security Manager Edge Controller.

SINEMA Advisory - This advisory describes two vulnerabilities in the Siemens SINEMA Remote Connect Server.

SALT Advisory - This advisory describes an improper certificate validation vulnerability in the Siemens Advanced Licensing (SALT) Toolkit.

IAM Advisory - This advisory describes an improper certificate validation vulnerability in the Siemens IAM Client.

AzeoTech Advisory - This advisory describes seven vulnerabilities in the AzeoTech DAQFactory.

iSTAR Ultra Advisory - This advisory describes two OS command injection vulnerabilities in the Johnson Controls iSTAR Ultra and iSTAR Edge products.

iSTAR Advisory - This advisory describes two improper neutralization of special elements used in an OS command vulnerabilities in the iSTAR Ultra and iSTAR Edge products.

Varex Advisory - This advisory discusses an uncontrolled search path element vulnerability (with publicly available exploit) in their Panoramic Dental Imaging Software.

Grassroots Advisory - This advisory describes an out-of-bounds write vulnerability in the Grassroots DICOM viewer.

NOTE: CISA reports that DICOM viewers from SimpleITK and medInria are also affected by this vulnerability.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/12-advisories-published-12-11-25 - subscription required.

Sunday, October 12, 2025

Review – Public ICS Disclosures – Week of 10-4-25 – Part 2

For Part 2 we have five additional vendor disclosures from Fuji Electric, OpenPLC, Philips (2) and Wireshark. There is a vendor update from HPE. We have six researcher reports for vulnerabilities in products from OpenPLC (2), and Planet (4). Finally, we have three exploits for products from FortiGuard (2) and MotionEye.

Advisories

Fuji Advisory - JP-CERT published an advisory that describes nine vulnerabilities in the Fuji V-SFT screen configuration software.

OpenPLC Advisory - OpenPLC published an advisory that describes an improper input validation vulnerability.

Philips Advisory #1 - Philips published an advisory that discusses the Oracle server side request forgery vulnerability.

Philips Advisory #2 - Philips published an advisory that discusses three Cisco vulnerabilities.

Wireshark Advisory - Wireshark published an advisory that describes an infinite loop vulnerability in their MONGO dissector.

Updates

HPE Update - HPE published an update for their Aruba EdgeConnect SD-WAN Gateways advisory that was originally published on September 16th, 2025.

Researcher Reports

OpenPLC Report - Cisco Talos published a report that describes a missing release of file descriptor or handle after effective lifetime vulnerability in the OpenPLC v3.

Planet Reports - Cisco Talos published four reports for nine vulnerabilities in the Planet WGR-500 industrial router.

Exploits

FortiGuard Exploit #1 - Milad Karimi published an exploit for an SQL injection vulnerability (which is listed in CISA’s Known Exploited Vulnerability (KEV) catalog) in the FortiWeb Fabric Connector. The vulnerability was previously disclosed by FortiGuard.

FortiGuard Exploit #2 - Kityzed2003 published an exploit for an SQL injection vulnerability (which is listed in CISA’s KEV catalog) in the FortiWeb product.

MotionEye Exploit - Maksim Rogov published a Metasploit module for an improper encoding or escaping of output vulnerability in the MotionEye product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-fa2 - subscription required.

Saturday, September 21, 2024

Review – Public ICS Disclosures – Week of 9-14-24

This week we have 16 vendor disclosures from CIRCUTOR, Dell, Dassault Systems (2), GE Vernova, Hitachi, HP (2), Moxa, Philips (3), SEL, Softing, Supermicro, and VMware. There are also two updates from HPE and Moxa. Finally, we also have six researcher reports for products from OpenPLC (3), Riello, and Supermicro (2).

Advisories

CIRCUTOR Advisory - Incibe-CERT published an advisory that describes six vulnerabilities in the CIRCUTOR Q-SMT and TCP2RS+ substation equipment.

Dell Advisory - Dell published an advisory that discusses seven vulnerabilities (three with publicly available exploits) in their ThinOS products.

Dassault Systems Advisory #1 - Dassault Systems published an advisory that describes a cross-site scripting vulnerability in their 3DEXPERIENCE product.

Dassault Systems Advisory #2 - Dassault Systems published an advisory that describes a cross-site scripting vulnerability in their 3DEXPERIENCE product.

GE Vernova Advisory - GE Vernova published an advisory that describes six vulnerabilities in their ControlST platform.

HPE Advisory #1 - HPE published an advisory that discusses five vulnerabilities in their StoreEasy Servers.

HPE Advisory #2 - HPE published an advisory that describes three vulnerabilities in their Aruba Networking Controller and Gateway-Based AOS.

Moxa Advisory - Moxa published an advisory that describes three vulnerabilities in their MXview One and MXview One Central Manager Series.

Philips Advisory #1 - Philips published an advisory that discusses the recent Fortinet breach.

Philips Advisory #2 - Philips published an advisory that discusses the recent VMware vulnerabilities.

Philips Advisory #3 - Philips published an advisory that discusses the recent Windows Update Downgrade Attack Advisory.

SEL Advisory - SEL published a version update notice for their SEL-5032 acSELerator Architect Software.

Softing Advisory - Softing published an advisory that describes a missing release of memory vulnerability in their uaToolkit Embedded and smartLink products.

Supermicro Advisory - Supermicro published an advisory that discusses two vulnerabilities in their Denverton platform.

VMware Advisory - VMware published an advisory that describes two vulnerabilities in their vCenter Server.

Updates

HPE Update - HPE published an update for their HPE ProLiant DL/ML/XL, Synergy, and Edgeline Servers advisory that was originally published on September 16th, 2024.

Moxa Update - Moxa published an update for their regreSSHion vulnerability advisory that was originally published on August 2nd, 2024 and most recently updated on September 10th, 2024.

Researcher Reports

OpenPLC Report #1 - Talos published a report that describes a stack-based buffer overflow vulnerability in the OpenPLC OpenPLC_v3.

OpenPLC Report #2 - Talos published a report that describes two out-of-bounds read vulnerabilities in the OpenPLC OpenPLC_v3.

OpenPLC Report #3 - Talos published a report that describes two incorrect type or cast vulnerabilities in the OpenPLC OpenPLC_v3.

Riello Report - CyberDanube published a report describing two vulnerabilities in the Riello Netman 204 network communications card.

Supermicro Report #1 - Binarly published a report that describes a use of hard-coded credentials vulnerability in the Supermicro BMC Firmware.

Supermicro Report #2 - Binarly published a report that describes an insecure RSA signing key used in multiple Supermicro servers.

 

For more details about these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-ed6 - subscription required.

Saturday, October 14, 2023

Review – Public ICS Disclosures – Week of 10-7-23 – Part 2

For Part 2 we have three vendor disclosures from Schneider (2) and Siemens. There are eleven updates from Siemens. Finally, we have five exploits for OpenPLC, Splunk, and Tinycontrol (3).

Advisories

Schneider Advisory #1 - Schneider published an advisory that describes two vulnerabilities in their SpaceLogic C-Bus Toolkit products.

Schneider Advisory #2 - Schneider published an advisory that describes a deserialization of untrusted data vulnerability in their EcoStruxure Power Monitoring Expert product.

Siemens Advisory - Siemens published an advisory that describes a cross-site scripting vulnerability in their SINEMA Server.

Updates

Siemens Update #1 - Siemens published an update for their OpenSSL in Industrial Products advisory that was originally published on June 14th, 2022, and was most recently updated on September 12th, 2023.

Siemens Update #2 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023.

Siemens Update #3 - Siemens published an update for their SCALANCE Products advisory that was originally published on August 9th, 2022, and most recently updated on April 11th, 2023.

Siemens Update #4 - Siemens published an update for their SCALANCE W1750D advisory that was originally published on May 9th, 2023.

Siemens Update #5 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on November 27th, 2018, and most recently updated on September 12th, 2023.

Siemens Update #6 - Siemens published an update for their SCALANCE Products advisory that was originally published on December 13th, 2022, and most recently updated on April 11th, 2023.

Siemens Update #7 - Siemens published an update for their SIMATIC WinCC Kiosk Mode advisory that was originally published on May 10th, 2022 and most recently updated on July 11th, 2023.

Siemens Update #8 - Siemens published an update for their OPC-UA in Industrial Products advisory that was originally published on May 10th, 2022, and most recently updated on October 11th, 2022.

Siemens Update #9 - Siemens published an update for their SINEC NMS and SINEMA Server advisory that was originally published on March 8th, 2022, and most recently updated on March 14th, 2023.

Siemens Update #10 - Siemens published an update for their WIBU Systems CodeMeter advisory that was originally published on September 12th, 2023.

Siemens Update #11 - Siemens published an update for their OpenSSL in SCALANCE W1750D Devices advisory that was originally published on March 14th, 2023.

Exploits

OpenPLC Exploit - Kai Feng published an exploit for a remote code execution vulnerability in products from OpenPLC.

Splunk Exploit - Redway Security published an exploit for admin account takeover vulnerability in products from Splunk.

Tinycontrol Exploit #1 - LIQUIDWORM published an exploit for a denial of service vulnerability in the Tinycontrol LAN controller.

Tinycontrol Exploit #2 - LIQUIDWORM published an exploit for a remote credentials extraction vulnerability in the Tinycontrol LAN controller.

Tinycontrol Exploit #3 - LIQUIDWORM published an exploit for a remote admin password change vulnerability in the Tinycontrol LAN controller.

 

For more information on these disclosures, including a brief summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-f57 - subscription required.

Saturday, September 16, 2023

Review – Public ICS Disclosures – Week of 9-9-23 – Part 2

For Part 2 we have four vendor disclosures from Schneider and Siemens (3). We also have fourteen updates from Siemens. Finally, we have four exploits for products from Ivanti, OpenPLC, Splunk, and VMware.

Advisories

Schneider Advisory - Schneider published an advisory that describes a missing authentication for critical function vulnerability in their Update Service for the IGSS (Interactive Graphical SCADA System) product.

Siemens Advisory #1 - Siemens published an advisory that describes seven vulnerabilities in their Teamcenter Visualization and JT2Go products.

Siemens Advisory #2 - Siemens published an advisory that describes an insertion of sensitive information in an externally-accessible file or directory in their SIMATIC PCS neo Administration Console.

Siemens Advisory #3 - Siemens published an advisory that describes an incorrect permission assignment for critical resource vulnerability in their Spectrum Power 7 product.

Updates

Siemens Update #1 - Siemens published an update for their SIMATIC S7-1500 TM MFP advisory that was originally published on June 13th, 2023.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 TM MFP Linux kernel advisory that was originally published on June 13th, 2023 and most recently updated on August 8th, 2023.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM ROS advisory that was originally published on November 8th, 2022 and most recently updated on April 11th, 2023.

Siemens Update #4 - Siemens published an update for their Tecnomatix Plant Simulation advisory that was originally published on July 11th, 2023 and most recently updated on August 8th, 2023.

Siemens Update #5 - Siemens published an update for their OpenSSL component advisory that was originally published on June 14th, 2022, and most recently updated on July 11th, 2023.

Siemens Update #6 - Siemens published an update for their QMS Automotive advisory that was originally published on November 8th, 2022.

Siemens Update #7 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on December 13th, 2022 and most recently updated on May 9th, 2023.

Siemens Update #8 - Siemens published an update for their Web Server Login Page of Industrial Controllers advisory that was originally published on November 8th, 2022 and most recently updated on August 8th, 2023.

Siemens Update #9 - Siemens published an update for their RUGGEDCOM APE1808 advisory that was originally published on February 14th, 2023.

Siemens Update #10 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on November 27th, 2018 and most recently updated on August 8th, 2023.

Siemens Update #11 - Siemens published an update for their Denial of Service Vulnerabilities in Industrial Products advisory that was originally published on December 13th, 2022 and most recently updated on July 11th, 2023.

Siemens Update #12 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on April 11th, 2023 and most recently updated on May 9th, 2023.

Siemens Update #13 - Siemens published an update for their OpenSSL X.400 advisory that was originally published on August 8th, 2023.

Siemens Update #14 - Siemens published an update for their OpenSSL RSA Decryption in SIMATIC Products advisory that was originally published on August 8th, 2023.

Exploits

Ivanti Exploit - Jheysel-r7, James Horseman, and Zach Hanley published a Metasploit module for an incorrect authorization vulnerability in the Ivanti Sentry product.

OpenPLC Exploit - Kai Feng published an exploit for a buffer overflow vulnerability in the OpenPLC webserver.

Splunk Exploit - RedWay Security and Santiago Lopez published an exploit for a privilege escalation vulnerability in the Splunk Enterprise product.

VMware Exploit - Ege Balci published an exploit for three vulnerabilities in the VMware vRealize Log.

 

For more details about these disclosures, including a summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-934 - subscription required.

Sunday, May 16, 2021

Public ICS Disclosures – Week of 5-8-21, Part 2

This week we have five additional vendor notifications from QNAP (2), VMware, and Siemens (2). We also have two vendor updates from Siemens. There are also nine researcher reports for products from Moxa (4) and Siemens (5). Finally, we have three exploits for ScadaBR (2) and OpenPLC.

The sharp-eyed reader will have noted that I have not mentioned Schneider at all in yesterday’s or today’s posts. Schneider published seven new advisories and six updates on Tuesday. I am going to have to do a ‘Part 3’ to my Public ICS Disclosures post this week. I will try to get it out later today.

QNAP Advisories

QNAP published an advisory describing a command injection vulnerability in their NAS running Malware Remover 4.x. The vulnerability was reported by polict of Shielder via the Zero Day Initiative. QNAP has an update that mitigates the vulnerability. There is no indication that the researcher has been provided an opportunity to verify the efficacy of the fix.

QNAP published an advisory discussing eCh0raix Ransomware. QNAP is taking the unusual step of noting that the eCh0raix ransomware has been reported to affect QNAP NAS devices. There is no mention of a particular vulnerability being used, but they do recommend (among other generic mitigation measures) not using ports 443 or 8080.

VMware Advisory

VMware published an advisory describing a cross-site scripting vulnerability in their Workspace ONE UEM console. The vulnerability was reported by Mr. Lauritz Holtmann and Mr. Leif Enders of usd AG. VMware has patches that mitigate the vulnerability. There is no indication that Holtmann has been provided an opportunity to verify the efficacy of the fix.

Siemens Advisories

Siemens published an advisory describing 13 vulnerabilities in their SINAMICS medium voltage products. Siemens has new versions for some of the products that mitigate the vulnerabilities.

The 13 reported vulnerabilities are:

• Improper restriction of operations within the bounds of a memory buffer (2) - CVE-2021-27383 and CVE-2021-27385,

• Access memory location after the end of buffer (2) - CVE-2021-27384 and CVE-2019-8280,

• Uncontrolled resource allocation - CVE-2021-27385,

• Improper initialization (4) - CVE-2019-8259, CVE-2019-8264, CVE-2019-8265, and CVE-2019-8277,

• Out-of-bounds read (2) - CVE-2019-8260 and CVE-2019-8261,

• Heap-based buffer overflow - CVE-2019-8262,

• Stack-based buffer overflow - CVE-2019-8263, and

• Improper null termination - CVE-2019-8275

NOTE 1: The CVEs above with links were previously discussed by Kaspersky Labs in a report on VNC vulnerabilities.

NOTE 2: Many of these vulnerabilities were also reported earlier this week by NCCIC-ICS in the Siemens SIMATIC HMIs/WinCC Products advisory and in the Siemens SINUMERIK products advisory back in June of 2020.

COMMENT: Siemens has been aware of these VNC problems for quite some time. I am surprised that they are just now getting around to reporting/fixing these problems in the two product lines being reported this week. I suspect that this is a problem that may have been prevented by use of a good software bill of materials.

Siemens published an advisory discussing four vulnerabilities in their Industrial PCs and CNC devices. These are third-party (Intel) vulnerabilities. Siemens is recommending updating the Bios on some of the affected products.

The four reported vulnerabilities are:

• Improper isolation of shared resources in System-on-a-chip - CVE-2020-8698,

• Improper privilege management - CVE-2020-8745,

• Improper authentication - CVE-2020-8694, and

• Improper input validation - CVE-2020-0590

Siemens Updates

Siemens published an update for their GNU/Linux subsystem advisory that was originally published in 2018 and most recently updated on March 13th, 2021. The new information includes:

• Adding the following CVEs: CVE-2020-13529, CVE-2020-36312, and CVE-2021-20305, and

• Clarifying that the list of vulnerabilities is no longer maintained for versions below V2.8.4.

Siemens published an update for their DNSpooq – Dnsmasq advisory that was originally published on January 19th, 2021 and most recently updated on March 13th, 2021. The new information includes clarifying that a solution for SCALANCE W1750D is not expected.

NOTE: NCCIC-ICS does not update their DNSpooq advisory for changes in vendor advisories since the NCCIC-ICS advisory links to the latest version of the vendor advisory.

Moxa Reports

Kaspersky published four reports for vulnerabilities in the Moxa NPort IA5000A Series. Moxa reported on these vulnerabilities on April 28th, 2021. The CVEs covered in the Kaspersky reports are:

• CVE-2020-27149,

• CVE-2020-27184,

• CVE-2020-27150, and

• CVE-2020-27185

NOTE: Links are to the respective Kaspersky reports.

Siemens Reports

ZDI published five reports of vulnerabilities in the Siemens Solid Edge Viewer. The vulnerabilities were reported by rgod. The vulnerabilities have been coordinated through NCCIC-ICS with Siemens, but Siemens has not yet published an advisory for these issues. It has, however, provided CVE numbers for the vulnerabilities. The reported vulnerabilities in the ZDI reports are:

• Improper restriction of XML External Entity - CVE-2021-27492,

• Improper validation of user supplied data - CVE-2021-27490,

• Untrusted pointer dereference - CVE-2021-27496,

• Stack-based buffer overflow - CVE-2021-27494, and

• Out-of-bounds write - CVE-2021-27488

NOTE: Links are to the respective ZDI report.

ScadaBR Exploits

Fellipe Oliveira published two different exploits for a vulnerability in ScadaBR. There is a CVE number (CVE-2021-26828) provided, but there is no information on that CVE in either the Mitre or NIST databases. These may be 0-day exploits. The exploits employ separate techniques:

• Authenticated arbitrary file upload, and

• Linux shell upload

NOTE: Links are to the exploit reports.

OpenPLC Exploit

Fellipe Oliveira published an exploit for a remote code execution vulnerability in the OpenPLC WebServer. There is no CVE number or reference to vendor notification. This may be a 0-day exploit.

Saturday, May 1, 2021

Public ICS Disclosures – Week of 4-24-21

This week we have three vendor NAME:WRECK disclosures from Boston Scientific, Braun, and Rockwell. We also have 14 vendor disclosures from Beckhoff, Bosch (2), B&R Industrial Automation, MB connect, CODESYS (5), Moxa, ODA, and Texas Instruments (2). We have five researcher reports for products from Advantech (4) and Siemens. Finally, we have exploits for products from OpenPLC and VMware.

NAME:WRECK Advisories

Boston Scientific published an advisory discussing the NAME:WRECK vulnerabilities, announcing that they are investigating to see if any of their products are affected.

Braun published an advisory discussing the NAME:WRECK vulnerabilities, announcing that none of their ‘connected devices’ are affected.

Rockwell published an advisory discussing the NAME:WRECK vulnerabilities, providing a list of affected products and fixed versions.

Beckhoff Advisory

Beckhoff published an advisory describing an improper input validation vulnerability in their TwinCAT OPC UA Server and IPC Diagnostics UA Server. The vulnerability was reported by Industrial Control Security Laboratory of QI-ANXIN Technology Group. Beckhoff has new versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Bosch Advisories

Bosch published an advisory describing seven vulnerabilities in their ctrlX CORE - IDE App. These are third-party (OpenSSL and Python) vulnerabilities. The next version of the product will mitigate the vulnerabilities.

The seven reported vulnerabilities are:

• Improper encoding or escaping of output - CVE-2020-26116 (exploit),

• Inadequate information (NIST ?) - CVE-2020-27619,

• HTTP request smuggling - CVE-2021-23336 (exploit),

• Integer overflow or wraparound - CVE-2021-23840, CVE-2021-23841,

• Classic buffer overflow - CVE-2021-3177 (exploit), and

• NULL pointer dereference - CVE-2021-3449

Bosch published an advisory describing an FTP backdoor in their Rexroth Fieldbus Couplers. Bosch provides generic workarounds.

B&R Advisory

B&R published an advisory describing an uncontrolled resource consumption vulnerability in their I/O system and HMI components. This is a third-party (Siemens) vulnerability. B&R provides generic workarounds.

MB Advisory

CERT-VDE published an advisory discussing the DNSpooq vulnerabilities in the MB connect mbNET products. MB connect has new versions that mitigate the vulnerabilities.

CODESYS Advisories

CODESYS published an advisory [.PDF download link] describing a cross-site request forgery vulnerability in their CODESYS Automation Server. The vulnerability was reported by Uri Katz of Claroty. CODESYS has a new version that mitigates this vulnerability. There is no indication that Katz has been provided an opportunity to verify the efficacy of the fix.

CODESYS published an advisory [.PDF download link] describing a NULL pointer dereference vulnerability in their CODESYS V3 products containing the CmpGateway. The vulnerability was reported by Uri Katz of Claroty. CODESYS has a new version that mitigates this vulnerability. There is no indication that Katz has been provided an opportunity to verify the efficacy of the fix.

CODESYS published an advisory [.PDF download link] describing an insufficient verification of data authenticity vulnerability in their Development System V3. The vulnerability was reported by an OEM customer. CODESYS has a new version that mitigates the vulnerability. There is no indication that the researcher has been provided an opportunity to verify the efficacy of the fix.

CODESYS published an advisory [.PDF download link] describing an insufficient verification of data authenticity vulnerability in their Development System V3. The vulnerability was reported by Uri Katz of Claroty. CODESYS has a new version that mitigates this vulnerability. There is no indication that Katz has been provided an opportunity to verify the efficacy of the fix.

CODESYS published an advisory [.PDF download link] describing an improper input validation vulnerability in their V3 products and Control V3 Runtime System Toolkit. The vulnerability was reported by Alexander Nochvay from Kaspersky Lab ICS CERT. CODESYS has a new version that mitigates the vulnerability. There is no indication that Nochvay has been provided an opportunity to verify the efficacy of the fix.

Moxa Advisory

Moxa published an advisory describing four vulnerabilities in their NPort IA5000A Series Serial Device Servers. The vulnerabilities were reported by Alexander Nochvay from Kaspersky Lab ICS CERT. Moxa has a new version to mitigate one of the vulnerabilities and workarounds for the others. There is no indication that Nochvay has been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Improper access control - CVE-2020-27149,

• Unprotected storage of credentials - CVE-2020-27150,

• Cleartext transmission of sensitive information (2) - CVE-2020-27184 and CVE-2020-27185

ODA Advisory

ODA published an advisory describing an out-of-bounds write vulnerability in their Open Design Alliance Drawings SDK. ODA has a new version that mitigates the vulnerability.

NOTE: This is a very minimalist advisory.

TI Advisories

TI published an advisory discussing the BadAlloc vulnerabilities in their SimpleLink™ CC13XX, CC26XX, CC32XX and MSP432E4 products. TI provides generic workarounds for these vulnerabilities.

TI published an advisory describing an integer overflow vulnerability in their Networks Developers Kit. The vulnerability was reported by Omri Ben Bassat and David Atch of Microsoft. The product is no longer supported.

Advantech Report

The Zero Day Initiative published four reports for vulnerabilities in the Advantech WebAccess/HMI Designer products. The vulnerabilities were reported by kimiya and have been coordinated with NCCIC-ICS and an advisory from them is pending.

The four reported vulnerabilities are:

• Heap-based buffer overflow - ZDI-21-490 and ZDI-21-487,

• File parsing memory corruption - ZDI-21-489, and

• Out-of-bounds write - ZDI-21-488

Siemens Report

ZDI published a report describing an information validation vulnerability in the Siemens JT2Go product. The vulnerability was reported by Michael DePlante. ZDI has been coordinating with NCCIC-ICS since last September.

OpenPLC Exploit

Fellipe Oliveira published an exploit for a remote code execution vulnerability in the OpenPLC product. There is no CVE provided and no indications of coordination with the vendor. This may be a 0-day vulnerability.

VMware Exploit

Egor Dimitrenko published a Metasploit module for two vulnerabilities in the VMware vRealize Operations Manager. The vulnerabilities were reported by VMware on March 31st, 2021.

The two exploited vulnerabilities are:

• Server-side request forgery - CVE-2021-21975, and

• Arbitrary file write - CVE-2021-21983


 