Review – 2 Advisory and 1 Update Published – 2-1-22

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Advantech and Ricon. They also updated their Multiple Data Distribution System advisory.

Advantech Advisory - This advisory describes a use of hard-coded cryptographic key in the Advantech ADAM-3600 remote terminal unit.

Ricon Advisory - This advisory describes an OS command injection vulnerability in the Ricon S9922 series Industrial Cellular Router.

NOTE: I briefly discussed this vulnerability on July 10^th, 2021.

Multiple DDS Update - This update provides additional information on an advisory that was originally published on November 11^th, 2021.

NOTE: Alias Robotic recently published an updated report on these vulnerabilities.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisory-and-1-update-published - subscription required.

Review - Public ICS Disclosures – Week of 7-3-21

This week we have thirteen vendor disclosures from ABB, Bosch, B&R Industrial Automation (3), Flexera, GE Healthcare, Hitachi, HMS Networks, Philips, QNAP, Rockwell Automation, and SonicWall. We have four researcher reports of vulnerabilities in products from Advantech (2), Ricon, and VMWare.

ABB Advisory - ABB published an advisory describing a serial number misuse vulnerability in their Busch®-ControlTouch product.

Bosch Advisory - Bosch published an advisory discussing three vulnerabilities in their Rexroth products.

B&R Advisory #1 - B&R published an advisory describing an out-of-bounds write vulnerability in their X20 EthernetIP Adapter.

B&R Advisory #2 - B&R published an advisory describing an out-of-bounds write vulnerability in their  PROFINET IO Devices.

B&R Advisory #3 - B&R published an advisory describing a denial of service vulnerability in their Automation Runtime product.

Dell Advisory - Dell published an advisory describing two vulnerabilities in their Dell Wyse Management Suite.

Flexera Advisory - Flexera published an advisory describing an exposure of sensitive information to an unauthorized actor vulnerability in their FlexNet Publisher.

GE Healthcare Advisory - GE Healthcare published an advisory discussing the PrintNightmare vulnerabilities.

Hitachi Advisory - Hitachi published an advisory discussing 23 vulnerabilities in their Hitachi Disk Array Systems.

HMS Advisory - HMS published an advisory describing an insecure file system permission vulnerability in their eCatcher product.

Philips Advisory - Philips published an advisory discussing the Kaseya VSA supply chain attack.

QNAP Advisory - QNAP published an advisory describing an improper access control vulnerability in their Legacy HBS 3 (Hybrid Backup Sync) product.

Rockwell Advisory - Rockwell published their advisory for the vulnerability reported this week by NCCIC-ICS.

SonicWall Advisory - SonicWall published an advisory describing an out-of-bounds read vulnerability in their SonicWall Switch product.

Advantech Report - ZDI published two reports (here and here) of stack-based buffer overflow vulnerabilities in the Advantech web access product.

Ricon Report - Zero Science Lab published a report describing an OS command injection vulnerability in the Ricon S9922L series LTE router.

VMWare Report - NCC Group published a report on exploiting CVE-2021-3156 VMWare vCenter Server 7.0 product.

For a more detailed discussion of the advisories see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-ac2 - subscription required.