Showing posts with label PulseSecure. Show all posts

Saturday, January 28, 2023

Review – Public ICS Disclosures – Week of 1-21-23

This week we have an OpenSSL 3.0 advisory from Dell. We have seven vendor disclosures from Carrier, Contec, GE Grid Solutions, Meinberg, Omron, and PulseSecure (2). We also have three vendor updates from CODESYS, HPE, and PcVue. Finally, we have 16 researcher reports for products from Siretta (14), Zyxel, and Delta Electronics.

OpenSSL 3.0 Advisories

Dell published an advisory that discusses the OpenSSL 3.0 vulnerabilities.

Vendor Advisories

Carrier Advisory - Carrier published an advisory that discusses multiple authentication bypass vulnerabilities in their WebCTRL® and i-Vu® software.

Contec Advisory - Contec published an advisory that describes an SQL injection vulnerability in the Contec CONPROSYS HMI System.

GE Grid Solutions Advisory - GE Grid Solutions published an advisory for their DS Agile Distributed Control System.

Meinberg Advisory - Meinberg published an advisory that discusses eight vulnerabilities in their LANTIME product.

Omron Advisory - JP Cert published an advisory that describes an improper restriction of an XML entity reference vulnerability in the OMRON CX-Motion Pr.

PulseSecure Advisory #1 - PulseSecure published an advisory that discusses a use-after-free vulnerability.

PulseSecure Advisory #2 - PulseSecure published an advisory that discusses a double free vulnerability.

Vendor Updates

CODESYS Update - CODESYS published an update for their Control V3 communication server advisory that was originally published on November 22nd, 2022 and most recently updated on December 14th, 2022.

HPE Update - HPE published an update for their IceWall advisory that was originally published on March 9th, 2018 and most recently updated on May 26th, 2021.

PcVue Update - PcVue published an update for their email and SMS accounts advisory that was originally published on November 25th, 2022 and most recently updated on December 20th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-354-03) to reflect this information.

Researcher Reports

Siretta Report #1 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing 46 stack-based buffer overflow vulnerabilities.

Siretta Report #2 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #3 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing four command injection vulnerabilities.

Siretta Report #4 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a heap-based buffer overflow vulnerability.

Siretta Report #5 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a file write vulnerability.

Siretta Report #6 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a leftover debug code vulnerability.

Siretta Report #7 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #8 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #9 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #10 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Siretta Report #11 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #12 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #13 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #14 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Zyxel Report - Positive Technologies published a report describing an improper check for unusual or exceptional conditions vulnerability in Zyxel switches.

Delta Report - Tenable published a report describing a privilege escalation vulnerability in the Delta Electronics InfraSuite Device Master.

 

For more details about these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-e09 - subscription required.

Saturday, October 15, 2022

Review – Public ICS Disclosures – Week of 10-8-22 – Part 1

This is a moderately busy Saturday after 2nd Tuesday. For Part 1 this week, we have fifteen vendor disclosures from Aruba, Bentley (3), Eaton, GE Healthcare, Hitachi Energy, HP, Palo Alto Networks, Phoenix Contact, PulseSecure, Softing (2), TandD, and VMware.

Aruba Advisory - Aruba published an advisory describing three vulnerabilities in their EdgeConnect Enterprise Orchestrator.

Bentley Advisory #1 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-Based Applications.

Bentley Advisory #2 - Bentley published an advisory that describes a stack-based buffer overflow vulnerability in their MicroStation and MicroStation-Based Applications.

Bentley Advisory #3 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-Based Applications.

Eaton Advisory - Eaton published an advisory that describes an unrestricted file upload vulnerability in their Foreseer EPMS.

GE Healthcare Advisory - GE published an advisory that provides guidance on securing serial ports in medical devices.

Hitachi Energy Advisory - Hitachi published an advisory that discusses two vulnerabilities in their MicroSCADA X DMS600 product.

HP Advisory - HP published an advisory that discusses eleven vulnerabilities in their GPU Display Driver.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that describes an authentication bypass vulnerability in their Pan-OS product.

Phoenix Contact Advisory - CERT-VDE published an advisory that discusses 83 vulnerabilities in the Phoenix Contact PLCnext Control.

PulseSecure Advisory - PulseSecure published an advisory that describes two denial of service vulnerabilities in their Ivanti Connect Secure products.

Softing Advisory #1 - Softing published an advisory that describes a use after free vulnerability in their OPC UA C++ SDK and OPC Suite products.

Softing Advisory #2 - Softing published an advisory that describes an input validation vulnerability in their OPC UA C++ SDK, Secure Integration Server, edgeConnector, edgeAggregator, uaGate and OPC Suite products.

TandD Advisory - TandD published an advisory that describes a denial-of-service vulnerability in their TR4 Series devices.

NOTE: TandD does not call this a ‘vulnerability’; they call it a problem “whereby internal communication between components fails”, which kind of sounds like a ‘denial-of-service’ vulnerability to me.

VMware Advisory - VMware published an advisory that describes an arbitrary file read vulnerability in their VMware vRealize Operations product.

 

For more information on these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-c00 - subscription required.


Saturday, August 6, 2022

Review – Public ICS Disclosures – Week of 7-30-22

This week we have eleven vendor disclosures from Belden, Bosch, DrayTek, HPE, Meinberg, Mitsubishi, OPC Foundation, PulseSecure, Software Toolbox (2), and VMware. There are also two updates from Belden and HP.

 

Belden Advisory - Belden published an advisory that describes a denial of service vulnerability in their Hirschmann EagleSDV.

Bosch Advisory - Bosch published an advisory that describes two vulnerabilities in their BF-OS.

DrayTek Advisory - DrayTek published an advisory that describes a remote code execution vulnerability in their Vigor Routers.

NOTE: The DrayTek advisory includes an actual link to the Trellix report. That is full disclosure.

HPE Advisory - HPE published an advisory that discusses a directory traversal vulnerability in their B-series Fibre Channel SAN Switch.

Meinberg Advisory - Meinberg published an advisory that discusses fifteen vulnerabilities (13 with available exploits) in their LANTIME firmware.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses two vulnerabilities in their GT SoftGOT2000.

NOTE: The Mitsubishi advisory notes that these vulnerabilities affect “multiple FA products”, but only one product is currently listed. We may see additional products added in future updates.

OPC Foundation - The OPC Foundation published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their OPC UA .NET Standard Reference Server.

PulseSecure Advisory - PulseSecure published an advisory that discusses an OS command injection vulnerability.

Software Toolbox Advisory #1 - Software Toolbox published an advisory that discusses the DICOM hardening vulnerability in their OPC Quick Client.

Software Toolbox Advisory #2 - Software Toolbox published an advisory that discusses the DICOM hardening vulnerability in their Top Server.

VMware Advisory - VMware published an advisory that describes ten vulnerabilities (with one known exploit) in multiple products.

Belden Update - Belden published an update for their FragAttacks advisory that was originally published on March 14th, 2022.

HP Update - HP published an update for their Wireless Bluetooth advisory that was originally published on February 8th, 2022 and most recently updated on June 13th, 2022.

 

For more details on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-ec0 - subscription required.

Sunday, April 3, 2022

Review – Public ICS Disclosures – Week of 3-26-22 – Part 2

In Part 2 we have ten additional vendor disclosures from Beckman Coulter, PulseSecure, QNAP (2), Rockwell Automation, Tanzu (3), VMware and Western Digital. There are also vendor updates from Dell and Siemens. Finally, we have two researcher reports about vulnerabilities in products from Siemens.

Beckman Coulter Advisory - Beckman published an advisory discussing the PrintNightmare vulnerability.

PulseSecure Advisory - PulseSecure published an advisory discussing an infinite loop vulnerability in multiple products.

QNAP Advisory #1 - QNAP published an advisory discussing the DirtyPipe vulnerability.

QNAP Advisory #2 - QNAP published an advisory discussing an infinite loop vulnerability in their QNAP NAS products.

Rockwell Advisory - Rockwell published an advisory describing an XML external entity vulnerability in their Workbench products.

Tanzu Advisory #1 - Tanzu published an advisory discussing a denial-of-service vulnerability in their Spring Framework products.

Tanzu Advisory #2 - Tanzu published an advisory describing a command injection vulnerability in their Spring Cloud Function.

Tanzu Advisory #3 - Tanzu published an advisory discussing the SpringShell vulnerability.

VMware Advisory - VMware published an advisory describing an information disclosure vulnerability in their vCenter Server.

Western Digital Advisory - Western Digital published an advisory describing a DLL hijacking vulnerability in their G-RAID 4/8 Software Utility.

Dell Update - Dell published an update for their Log4Shell advisory.

Siemens Update - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020 and most recently updated on March 11th, 2022.

Siemens Reports - The Zero Day Initiative published two reports about vulnerabilities in the Siemens Simcenter Femap simulation application.

 

For more details about these disclosures, including links to researcher reports and third-party vendor advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-008 - subscription required.

Saturday, February 26, 2022

Review - Public ICS Disclosures – Week of 2-19-22

This week we have twelve vendor disclosures from Aruba, GE Gas Power (2), Hitachi, Insyde (3), HPE, PulseSecure, QNAP, Siemens, and VMware. We have five vendor updates from Aruba, Dell, HPE, Johnson Controls, and Milestone. We also have 19 researcher reports for products from WECON (15), Fuji Electric (3), and Industrial Control Links (ICL). Finally, we have three exploits reported for products from ICL and WebHMI (2).

Aruba Advisory - Aruba published an advisory describing 16 vulnerabilities in their AOS-CX Switches. Some of these are third-party vulnerabilities.

GE Gas Power Advisory #1 - GE published an advisory discussing the GE CIMPLICITY vulnerabilities reported earlier this week.

GE Gas Power Advisory #2 - GE published an advisory discussing the Blackberry QNX Neutrino Kernel vulnerability.

Hitachi Advisory - Hitachi published an advisory discussing 20 recently reported Microsoft vulnerabilities affecting their Hitachi Disk Array Systems.

Insyde Advisory #1 - Insyde published an advisory describing a privilege escalation vulnerability in their SysPasswordDxe driver.

Insyde Advisory #2 - Insyde published an advisory describing a buffer overflow vulnerability in their VariableEditSmm driver.

Insyde Advisory #3 - Insyde published an advisory describing a plain-text storage of sensitive information vulnerability in their HddPasswordPei driver.

HPE Advisory #1 - HPE published an advisory describing two vulnerabilities in their OneView Global Dashboard.

PulseSecure Advisory - PulseSecure published an advisory describing an integer overflow or wrap around vulnerability in multiple product lines.

QNAP Advisory - QNAP published an advisory describing two cross-site scripting vulnerabilities in their NAS running Proxy Server.

Siemens Advisory - Siemens published an advisory discussing 23 vulnerabilities in their Industrial Products.

VMware Advisory - VMware published an advisory describing a cross-site scripting vulnerability in their Workspace ONE Boxer.

Aruba Update - Aruba published an update for their PwnKit advisory that was originally published on February 1st, 2022.

Dell Update - Dell published an update for their generic Log4Shell advisory.

HPE Update - HPE published an update for their PwnKit advisory that was originally published on February 1st, 2022.

Johnson Controls Update - Johnson Controls published an update for their Log4Shell advisory.

Milestone Update - Milestone published an update for their Log4Shell advisory.

WECON Reports - The Zero Day Initiative published 15 reports of vulnerabilities in the WECON LeviStudioU.

Fuji Reports - ZDI published 3 reports of vulnerabilities in the Fuji Electric Alpha5 servo amplifiers.

ICL Report - Zero Science published a report describing a file write/overwrite and delete vulnerability in the ICL ScadaFlex II SCADA Controllers SC-1/SC-2.

ICL Exploit - LiquidWorm published an exploit for the ICL vulnerability reported above.

WebHMI Exploit #1 - Antonio Cuomo published an exploit for a remote code execution vulnerability in WebHMI version 4.1.1.

WebHMI Exploit #2 - Antonio Cuomo published an exploit for a cross-site scripting vulnerability in WebHMI 4.1.

 

For more details about these disclosures, including links to 3rd party advisories, researcher reports, and exploits – see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-762 - subscription required.

Saturday, October 23, 2021

Review - Public ICS Disclosures – Week of 10-16-21

This week we have ten vendor disclosures from ABB, Weidmueller, HMS (2), HPE (2), Meinberg, PulseSecure, QNAP, and VMware. We also have two researcher reports of vulnerabilities in products from SonicWall and RDP Manager. There were three exploits published for products from SonicWall and Mitsubishi (2).

ABB Advisory - ABB published an advisory describing an integrity check bypass in their free@home System Access Point product.

Weidmueller Advisory - CERT-VDE published an advisory discussing the INFRA:HALT vulnerabilities in the Weidmueller Remote I/O fieldbus couplers.

HMS Advisory #1 - HMS published an advisory discussing the BrakTooth vulnerabilities in their Anybus wireless products.

HMS Advisory #2 - HMS published an advisory discussing the BadAlloc vulnerabilities in their Anybus wireless products.

HPE Advisory #1 - HPE published an advisory describing an information disclosure vulnerability in their 6120XG Blade Switch.

HPE Advisory #2 - HPE published an advisory describing a cross-site scripting vulnerability in their Superdome Flex Server.

Meinberg Advisory - Meinberg published an advisory discussing the GPSD Rollover Bug.

PulseSecure Advisory - PulseSecure published an advisory describing a malformed packet request vulnerability in their Pulse Connect Secure software.

QNAP Advisory - QNAP published an advisory describing a command injection vulnerability in their QNAP NAS running the Media Streaming add-on.

VMware Advisory - VMware published an advisory describing an information disclosure vulnerability in their vRealize Operations Tenant App for VMware Cloud Director.

SonicWall Report - Vulnerability Lab published a report of a cross-site scripting vulnerability in the SonicWeb SonicOS.

RDP Manager Report - Vulnerability Lab published a report of a denial-of-service vulnerability in the RDP Manager windows software client.

SonicWall Exploit - Jacob Baines published an exploit for an improper access control vulnerability in the SonicWall SMA100 product.

Mitsubishi Exploit #1 - Hamit Cibo published an exploit for a reflected cross-site scripting vulnerability in the Mitsubishi ME RTU.

Mitsubishi Exploit #2 - Hamit Cibo published an exploit for a source code disclosure vulnerability in the Mitsubishi ME RTU.

For more details about these advisories, reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-c22 - subscription required.

Saturday, August 7, 2021

Review - Public ICS Disclosures – Week of 7-31-21

This week we have three INFRA:HALT advisories from Phoenix Contact, Schneider Electric, and Siemens. We have 17 other advisories for products from Aruba, Bosch, Carestream, Genetec, Hitachi ABB Power Grids (3), Johnson Controls, Mitsubishi Electric (4), Phoenix Contact (3), PulseSecure, and VMware. Finally, there are two updates from CODESYS and PcVue.

INFRA:HALT Advisories

Phoenix Contact published an advisory discussing the INFRA:HALT vulnerabilities.

Schneider published an advisory discussing the INFRA:HALT vulnerabilities.

Siemens published an advisory discussing the INFRA:HALT vulnerabilities.

Other Advisories

Aruba published an advisory describing a privilege escalation vulnerability in their Analytics and Location Engine (ALE).

Bosch published an advisory describing a cross-site request forgery vulnerability in their IP Cameras.

Carestream published an advisory discussing the PrintNightmare vulnerabilities.

Genetec published an advisory describing four vulnerabilities in their Streamvault products.

Hitachi ABB published an advisory discussing the FragAttacks WiFi vulnerabilities in their TropOS Product.

Hitachi ABB published an advisory describing a password in memory vulnerability in their Counterparty Settlement Billing (CSB) Product.

Hitachi ABB published an advisory describing a password in memory vulnerability in their Retail Operations Product.

Johnson Controls published an advisory describing an auto-update vulnerability in their Software House C•CURE 9000 product.

Mitsubishi published an advisory describing an information disclosure vulnerability in their MELSEC iQ-R Series CPU module.

Mitsubishi published an advisory describing an unauthorized log-in vulnerability in their MELSEC iQ-R series CPU modules.

Mitsubishi published an advisory describing a denial-of-service vulnerability in their MELSEC iQ-R Series CPU module.

Mitsubishi published an advisory describing an authentication bypass vulnerability in their MELSEC iQ-R Series CPU Module.

Phoenix Controls published an advisory discussing the WIBU CodeMeter vulnerabilities reported by NCCIC-ICS.

Phoenix Controls published an advisory describing a denial of service vulnerability in their PLCnext Control devices.

Phoenix Controls published an advisory describing an improper privilege management vulnerability in their FL MGUARD DM product.

PulseSecure published an advisory describing six vulnerabilities in their Pulse Connect Secure.

VMware published an advisory describing two vulnerabilities in their VMware Workspace ONE Access product.

Updates

CODESYS published an update for their CODESYS Development System V3 advisory that was originally published on July 15th, 2021.

PcVue published an update for their advisory that was originally published in November 2020.

For more details on these advisories, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-e33 - subscription required.

Saturday, July 17, 2021

Review - Public ICS Disclosures – Week of 7-10-21

This week we have eleven vendor disclosures from Aruba Networks, Carestream, CODESYS, Hitachi-ABB Power Grids, Philips, PulseSecure (2), SonicWall (2), and VMware (2). We have an updated disclosure from HMS. There are ten researcher reports for products from Advantech (4), Rockwell (5), and Schneider. Finally, we have three exploits for products from VMware and Aruba (2).

Aruba Advisory - Aruba published an advisory describing four vulnerabilities in their AOS-CX Devices.

Carestream Advisory - Carestream published an advisory discussing the PrintNightmare vulnerabilities.

CODESYS Advisory - CODESYS published an advisory describing six vulnerabilities in their V2 web servers.

Hitachi-ABB Advisory - Hitachi-ABB published an advisory describing a password autocomplete vulnerability in their eSOMS web application.

Philips Advisory - Philips published an advisory discussing the latest SolarWinds vulnerability.

PulseSecure #1 - PulseSecure published an advisory discussing three OpenSSL vulnerabilities.

PulseSecure #2 - PulseSecure published an advisory discussing two OpenSSL vulnerabilities.

SonicWall #1 - SonicWall published an advisory discussing two OpenSSL vulnerabilities.

SonicWall #2 - SonicWall published an advisory describing an SQL injection vulnerability in their end-of-life Secure Remote Access (SRA) products.

Advantech Reports - Talos published four vulnerability reports for six vulnerabilities in the Advantech R-SeeNet product.

Rockwell Reports - Kaspersky published five reports on vulnerabilities in the Rockwell Automation ISaGRAF Runtime product.

Schneider Report - Tenable published a report describing an authentication bypass vulnerability in the Schneider Modicon M340/M580 PLC.

VMware Exploit - Wvu published a Metasploit module for an input validation vulnerability in the VMware vCenter Server.

Aruba Exploit #1 - Aleph Security published an exploit for eight vulnerabilities in the Aruba Instant (IAP) product.

Aruba Exploit #2 - GR33NH4T published an exploit for an arbitrary file write vulnerability in the Aruba Instant (IAP) product.

For more details about the advisories see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-ab4 - subscription required.

Saturday, May 15, 2021

Public ICS Disclosures – Week of 5-8-21, Part 1

This is a busier week than normal, even for a ‘Second Tuesday’ week. We have three vendor notifications for the FragAttacks WiFi vulnerabilities from Aruba, Ruckus, and Texas Instruments. We have two vendor notifications for the two OPC UA vulnerabilities reported this week by NCCIC-ICS from Beckhoff and Belden. We also have twelve other vendor notifications from Braun, SITEL (4), PEPPERL+FUCHS, CODESYS (3), Dell, and PulseSecure (2).

There will be a similarly lengthy list in Part 2 tomorrow.

FragAttacks Advisories

Aruba published an advisory discussing the FragAttacks vulnerabilities. Aruba provides a list of affected products and has new versions that mitigate the vulnerabilities.

Ruckus published an advisory discussing the FragAttacks vulnerabilities. Ruckus provides a list of affected products and has updates that mitigate the vulnerabilities.

TI published an advisory discussing the FragAttacks vulnerabilities. TI provides a list of affected products and has new versions that mitigate the vulnerabilities.

OPC UA Advisories

Beckhoff published an advisory discussing the OPC UA advisories. Beckhoff provides a list of affected products and has new versions that mitigate the vulnerabilities.

Belden published an advisory discussing the OPC UA advisories. Belden provides a list of affected products and has new versions that mitigate the vulnerabilities.

Braun Advisory

Braun published an advisory describing four vulnerabilities in a number of their products. The vulnerabilities were reported by McAfee Advanced Threat Research. Braun has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Insufficient verification of data authenticity,

• Missing authentication for critical function,

• Clear-text transmission of sensitive information, and

• Unrestricted upload of file with dangerous type.

SITEL Advisories

Incibe-Cert published an advisory describing a hard-coded credentials vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing an exposure of sensitive information to an unauthorized actor vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing a clear-text transmission of sensitive information vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing an uncontrolled resource consumption vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

PEPPERL+FUCHS Advisory

CERT-VDE published an advisory describing four vulnerabilities in the PEPPERL+FUCHS ICE1 Ethernet IO Modules. These are third-party (Hilscher) vulnerabilities. PEPPERL+FUCHS has provided generic mitigation measures.

The four reported vulnerabilities are:

• Out-of-bounds write (2) - CVE-2021-20987 and CVE-2021-20986,

• Improper restriction of operations within the bounds of a memory buffer - CVE-2021-20988, and

• Exposure of sensitive information to an unauthorized actor - CVE-2019-18222 (Mbed TLS)

CODESYS Advisories

CODESYS published an advisory describing three vulnerabilities in their CODESYS V2 runtime systems. The vulnerabilities were reported by Yossi Reuven of SCADAfence and Sergey Fedonin and Denis Goryushev of Positive Technologies. CODESYS has updates that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Heap-based buffer overflow - CVE-2021-30186,

• Stack-based buffer overflow - CVE-2021-30188, and

• Improper input validation - CVE-2021-30195

CODESYS published an advisory describing six vulnerabilities in their V2 web server. The vulnerabilities were reported by Vyacheslav Moskvin, Sergey Fedonin and Anton Dorfman of Positive Technologies. CODESYS has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The six reported vulnerabilities are:

• Stack-based buffer overflow - CVE-2021-30189,

• Improper access control - CVE-2021-30190,

• Buffer copy without checking size of input - CVE-2021-30191,

• Improperly implemented security check - CVE-2021-30192,

• Out-of-bounds write - CVE-2021-30193, and

• Out-of-bounds read - CVE-2021-30194

CODESYS published an advisory describing an improper neutralization of special elements used in an OS command vulnerability in their CODESYS V2 Runtime Toolkit 32. This is a Linux implementation vulnerability. The vulnerability was reported by van Kurnakov and Sergey Fedonin of Positive Technologies. CODESYS has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Dell Advisory

Dell published an advisory describing an improper authorization vulnerability in their Dell Wyse Windows Embedded System. The vulnerability was reported by Alessandro Baldini and Alessio D'Anastasio. Dell has updates that mitigate the vulnerability.

PulseSecure Advisories

PulseSecure published an advisory describing an HTTP request smuggling vulnerability in their Virtual Traffic Manager (vTM). The vulnerability was reported by James Kettle from PortSwigger Web Security. PulseSecure has new versions that mitigate the vulnerability. There is no indication that Kettle has been provided an opportunity to verify the efficacy of the fix.

PulseSecure published an advisory describing a buffer overflow vulnerability in their Pulse Connect Secure. PulseSecure provides a workaround pending development of a new version that will mitigate the vulnerability.

 