Showing posts with label Ruckus. Show all posts

Sunday, March 15, 2026

Review – Public ICS Disclosures – Week of 3-7-26 – Part 2

For Part 2 we have 14 additional vendor disclosures from Delta Electronics, Janitza, Mitsubishi, Moxa (4), NI (2), Palo Alto Networks (3), Philips, and Ruckus. Part 3 is in the works.

Advisories

Delta Advisory - Delta published an advisory that describes two vulnerabilities in their COMMGR 2 product.

Janitza Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the Janitza UMG 96RM-E products.

Mitsubishi Advisory - Mitsubishi published an advisory that describes an improper validation of specified index, position, or offset vulnerability in their CNC Series products.

Moxa Advisory #1 - Moxa published an advisory that discusses a GNU argument injection vulnerability.

Moxa Advisory #2 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #3 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #4 - Moxa published an advisory that discusses an insufficient flow control management vulnerability in their DA Series products.

NI Advisory #1 - NI published an advisory that describes two out-of-bounds write vulnerabilities in their Digilent DASYLab product.

NI Advisory #2 - NI published an advisory that describes two out-of-bounds read vulnerabilities in their Digilent DASYLab product.

PAN Advisory #1 - PAN published an advisory that discusses eight vulnerabilities (one with publicly available exploits and listed in CISA’s KEV catalog) in their Prisma Browser product.

PAN Advisory #2 - PAN published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their Cortex XDR Agent.

PAN Advisory #3 - PAN published an advisory that describes an exposure of sensitive information to an unauthorized control sphere in their Cortex XDR Broker VM product.

Philips Advisory - Philips published an advisory that discusses the Stryker cyberattack.

Ruckus Advisory - Ruckus published an advisory that discusses the AirSnitch vulnerabilities.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-194 - subscription required.

Saturday, December 27, 2025

Review – Public ICS Disclosures – Week of 12-20-25

This was a relatively light Christmas week for disclosures. We have seven vendor disclosures from Delta Electronics, Eaton (3), Hitachi (2), and Ruckus. We also have four exploits for products from FortiGuard, HP (2), and HPE.

Advisories

Delta Advisory - Delta published an advisory that describes a cleartext transmission of sensitive information in their DVP-12SE PLC.

Eaton Advisory #1 - Eaton published an advisory that describes an uncontrolled search path vulnerability in their UPS Companion (EUC) Software.

Eaton Advisory #2 - Eaton published an advisory that describes two uncontrolled search path element vulnerabilities in their UPS Companion (EUC) software.

Eaton Advisory #3 - Eaton published an advisory that describes an improper input validation vulnerability in their xComfort ECI.

Hitachi Advisory #1 - Hitachi published an advisory that discusses two vulnerabilities in their Infrastructure Analytics Advisor and Ops Center Analyzer products.

Hitachi Advisory #2 - Hitachi published an advisory that discusses 35 vulnerabilities in their Disk Array products.

Ruckus Advisory - Ruckus published an advisory that discusses the Qualcomm U-boot vulnerability.

Exploits

FortiGuard Exploit - Indoushka published an exploit for an SQL injection vulnerability in the FortiGuard FortiWeb Fabric Connector.

HP Exploit #1 - Indoushka published an exploit for a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller.

HP Exploit #2 - Indoushka published an exploit for a credential dumping attack on the HP ProCurve SNAC Domain Controller.

HPE Exploit - Remmons-r7, et al, published a Metasploit module for a code injection vulnerability in the HPE One View product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-218 - subscription required.

Sunday, November 30, 2025

Review – Public ICS Disclosures – Week of 11-22-25 – Part 2

For Part 2 we have three additional vendor disclosures from ABB, and Wibu (2). There are also six vendor updates from ABB, FortiGuard (2), and Mitsubishi (3). Finally, we have five exploits for products from Broadcom, FortiGuard (2), HP, and Ruckus.

Advisories

ABB Advisory - ABB published an advisory that discusses 22 vulnerabilities in their Ability Camera Connect product.

Wibu Advisory #1 - Wibu published an advisory that describes a write-what-where condition vulnerability in their legacy WibuKey product.

Wibu Advisory #2 - Wibu published an advisory that describes an improper restriction of operations within the bounds of a memory buffer vulnerability in their legacy WibuKey product.

Updates

ABB Update - ABB published an update for their Terra AC wallbox advisory that was originally published on September 16th, 2025, and most recently updated on October 27th, 2025.

FortiGuard Update #1 - FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025.

Mitsubishi Update #1 - Mitsubishi published an update for their Lighting Control System MILCO.S advisory that was originally published on November 18th, 2025.

Mitsubishi Update #2 - Mitsubishi published an update for their Flexera InstallShield advisory that was originally published on July 24th, 2025.

Exploits

Broadcom Exploit - Indoushka published an exploit for two vulnerabilities in the Broadcom Brocade Fabric OS.

FortiGuard Exploit #1 - Indoushka published an exploit for a relative path traversal vulnerability in the FortiGuard FortiWeb product.

FortiGuard Exploit #2 - Sfewer-r7 published a Metasploit module for two vulnerabilities in the FortiGuard FortiWeb product.

HP Exploit - Indoushka published an exploit for an improper authentication vulnerability in the HP Intelligent Management product.

Ruckus Exploit - Huthaifa Qashou published an exploit for a cross-site scripting vulnerability in the Ruckus Unleashed product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-f10 - subscription required.

Saturday, November 1, 2025

Review – Public ICS Disclosures – Week of 10-25-25

This week we have bulk vendor disclosures from HP (6). We have 11 additional vendor disclosures from Circutor, Hitachi Energy, HPE, Moxa, Philips, QNAP, Ruckus, Sick (2), Supermicro, and WatchGuard. There are bulk updates from HP (6). We have six additional vendor updates from ABB, Hitachi Energy, and Moxa (4). Finally, we have a researcher report of a vulnerability in products from MPDV Mikrolab.

Bulk Disclosures – HP

HP Client Management Script Library – Security Update,

AMD Graphics August 2025 Security Update,

HP Card Readers (B Models) – Potential Information Disclosure,

NVIDIA GPU Display Driver October 2025 Security Update,

Intel Xeon Processor Firmware August 2025 Security Update,

HP ThinPro 8.1 SP8 Security Updates.

Advisories

Circutor Advisory - INCIBE-CERT published an advisory that describes 12 vulnerabilities in the Circutor SGE-PLC100 and SGE-PLC50 concentrators.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses the BlastRadius-Fail vulnerability.

HPE Advisory - HPE published an advisory that describes seven vulnerabilities in their Private Cloud AI product.

Moxa Advisory - Moxa published an advisory that discusses an inadequate encryption strength vulnerability in multiple Moxa product lines.

Philips Advisory - Philips published an advisory that discusses a Windows remote code execution vulnerability that is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

QNAP Advisory - QNAP published an advisory that discusses an HTTP request/response smuggling vulnerability (with publicly available exploit) in their NetBak PC Agent.

Ruckus Advisory - Ruckus published an advisory that describes “a number of vulnerabilities in access control and privilege escalation” in their RUCKUS Network Director.

Sick Advisory #1 - Sick published an advisory that discusses an inclusion of functionality from untrusted control sphere vulnerability (listed in CISA’s KEV catalog, with a publicly available exploit) in their SID products.

Sick Advisory #2 - Sick published an advisory that describes six vulnerabilities in their TLOC100-100 product.

Supermicro Advisory - Supermicro published an advisory that discusses an improper handling of insufficient entropy vulnerability in multiple Supermicro products.

WatchGuard Advisory - WatchGuard published an advisory that describes a command injection vulnerability in their Mobile VPN product.

Bulk Updates – HP

Intel Rapid Storage Technology Software August 2025 Security Update,

HP Hotkey Support – Escalation of Privilege,

NVIDIA GPU Display Driver January 2025 Security Update,

NVIDIA GPU Display Driver July 2025 Security Update,

Intel System Security Report and System Resources Defense, and

Intel Graphics Software August 2025 Security Update

Updates

ABB Update - ABB published an update for their Terra AC wallbox advisory that was originally published on September 16th, 2025, and most recently updated on October 9th, 2025.

Hitachi Energy Update - Hitachi Energy published an update for their Asset Suite advisory that was originally published on September 30th, 2025.

Moxa Update #1 - Moxa published an update for their Ethernet Switch advisory that was originally published on October 23rd, 2025.

Moxa Update #2 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on May 5th, 2025.

Moxa Update #3 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025.

Moxa Update #4 - Moxa published an update for their ICMP Timestamp advisory that was originally published on October 21st, 2025.

Researcher Reports

MPDV Mikrolab Report - SEC Consult published a report that describes a path traversal vulnerability in the MPDV MIP 2, FEDRA 2, and HYDRA X Manufacturing Execution Systems.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-0e8 - subscription required.

Sunday, July 13, 2025

Review – Public ICS Disclosures – Week of 7-5-25 – Part 2

For Part 2 this week we have 13 additional vendor disclosures from Mitsubishi, Palo Alto Networks (5), Phoenix Contact (4), Rockwell Automation, and Ruckus. Part 3 is planned for Tuesday.

Advisories

Mitsubishi Advisory - Mitsubishi published an advisory that describes two vulnerabilities in their EcoGuideTAB product.

Palo Alto Networks Advisory #1 - PAN published an advisory that discusses 24 vulnerabilities in their PAN-OS products. These are third-party vulnerabilities.

Palo Alto Networks Advisory #2 - PAN published an advisory that discusses 8 vulnerabilities (one listed in CISA’s Known Exploited Vulnerabilities catalog) in their Prisma Access Browser.

Palo Alto Networks Advisory #3 - PAN published an advisory that describes an incorrect privilege assignment vulnerability in their Autonomous Digital Experience Manager.

Palo Alto Networks Advisory #4 - PAN published an advisory that describes an incorrect privilege assignment vulnerability in their GlobalProtect App.

Palo Alto Networks Advisory #5 - PAN published an advisory that describes an untrusted search path vulnerability in their GlobalProtect App.

Phoenix Contact Advisory #1 - Phoenix Contact published an advisory that describes four vulnerabilities in their PLCnext Firmware.

Phoenix Contact Advisory #2 - Phoenix Contact published an advisory that discusses 54 vulnerabilities in their PLCnext Firmware.

Phoenix Contact Advisory #3 - Phoenix Contact published an advisory that describes three vulnerabilities in their CHARX SEC-3xxx charging controllers.

Phoenix Contact Advisory #4 - Phoenix Contact published an advisory that describes five vulnerabilities in their CHARX SEC-3xxx charging controllers.

Rockwell Advisory - Rockwell published an advisory that describes two improper input validation vulnerabilities in their Arena Simulation product.

Ruckus Advisory - Ruckus published an advisory that describes nine vulnerabilities in their SmartZone and Network Director products.

 

For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-eeb - subscription required.

Saturday, April 19, 2025

Review – Public ICS Disclosures – Week of 4-12-25

This week we have 14 vendor disclosures from ads-tech, Broadcom, Delta Electronics, GE Vernova (2), HP, HPE (2), Philips, Rockwell Automation, SEL (3), and WAGO. There are two vendor updates from Broadcom and Siemens. We also have three researcher reports for vulnerabilities in products from Eclipse. Finally, we have two exploits for products from Ruckus and FortiGuard.

Advisories

Ads-tech Advisory - CERT-VDE published an advisory that discusses three vulnerabilities (two with publicly available exploits) in the ads-tech IRF products.

Broadcom Advisory - Broadcom published an advisory that describes an input validation vulnerability in multiple Brocade products.

Delta Advisory - Delta published an advisory that describes three vulnerabilities in their ISPsoft product.

GE Advisory #1 - GE Vernova published an advisory that discusses four vulnerabilities in their NetworkST4 devices and Remote Operations Offering products.

GE Advisory #2 - GE Vernova published an advisory that discusses three vulnerabilities (all three listed in CISA’s KEV catalog) in unspecified GE products.

HP Advisory - HP published an advisory that describes a link following vulnerability in their Touchpoint Analytics Service.

HPE Advisory #1 - HPE published an advisory that describes an unauthorized access vulnerability in their Performance Cluster Manager.

HPE Advisory #2 - HPE published an advisory that describes an unauthorized access vulnerability in their Cray Data Virtualization Service.

Philips Advisory - Philips published an advisory that discusses a use after free vulnerability (with publicly available exploit) in multiple Philips products.

Rockwell Advisory - Rockwell published an advisory that describes two vulnerabilities in their ThinManager product.

SEL Advisory #1 - SEL published a software update notice that includes cybersecurity enhancements for their SEL-5032 acSELerator Architect Software.

SEL Advisory #2 - SEL published a software update notice that includes cybersecurity enhancements for their SEL-5702 Synchrowave Operations product.

SEL Advisory #3 - SEL published a software update notice that includes cybersecurity enhancements for their SEL-5231 SEL Configuration API.

WAGO Advisory - CERT-VDE published an advisory that discusses the Year 2038 problem.

Updates

Broadcom Update - Broadcom published an update for their Fabric OS advisory that was originally published on September 26th, 2034, and most recently updated on February 27th, 2025.

Siemens Update - Siemens published an update for their Industrial Edge Device Kit advisory that was originally published on April 8th, 2025.

Researcher Reports

Eclipse Reports - Cisco Talos published three reports about individual vulnerabilities in the Eclipse ThreadX NetX Duo HTTP server.

Exploits

Ruckus Exploit - Korelogic published an exploit for an undocumented backdoor vulnerability in the Ruckus IoT Controller.

FortiGuard Exploit - Zach Hanley published a Metasploit module for an improper authentication vulnerability (listed in CISA’s KEV catalog) in multiple FortiGuard products.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-971 - subscription required.

Saturday, December 2, 2023

Review – Public ICS Disclosures – Week of 11-25-23

This week we have 15 vendor disclosures from Festo, Hitachi Energy (3), HPE, Medtronic, Red Lion, Ruckus, SEL, Sierra Wireless, Synology (2), WatchGuard, and Zyxel (2). There are nine vendor updates from Hitachi Energy (7), HPE, and VMware. There is also a researcher report describing vulnerabilities in products from SEL. Finally, we have two exploits for products from Loytec.

Advisories

Festo Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in multiple Festo products.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes three vulnerabilities in their RTU500 series products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses an off-by-one error vulnerability in their SDM600 series products.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that describes an improper input validation vulnerability in their Relion® 670/650/SAM600-IO series products.

HPE Advisory - HPE published an advisory that discusses two improper initialization vulnerabilities in their Cray Servers and ProLiant DL/XL Servers.

Medtronic Advisory - Medtronic published an advisory that discusses two vulnerabilities in their Mainspring Data Express, and Vital Sync Virtual Patient Monitoring Platform products.

Red Lion Advisory - Red Lion published an advisory that describes an improper neutralization of special elements vulnerability in their Crimson 3.2 software.

Ruckus Advisory - Ruckus published an advisory that describes a cross-site scripting vulnerability in multiple Ruckus products.

SEL Advisory - SEL published a cybersecurity notice for their Blueframe OS product.

Sierra Wireless Advisory - Sierra Wireless published an advisory that describes eight vulnerabilities in their ALEOS, the operating system used in certain Sierra Wireless AirLink Routers.

Synology Advisory #1 - Synology published an advisory that describes an arbitrary code execution vulnerability in their Synology Camera BC500 and Synology Camera TC500.

Synology Advisory #2 - Synology published an advisory that describes a man-in-the-middle vulnerability in their Router Manager.

WatchGuard Advisory - WatchGuard published an advisory that discusses the heap buffer overflow in libwebp WebP Codec vulnerability that is listed in the CISA Known Exploited Vulnerabilities catalog.

Zyxel Advisory #1 - Zyxel published an advisory that describes nine vulnerabilities in multiple Zyxel firewall and access point (AP) products.

Zyxel Advisory #2 - Zyxel published an advisory that describes six vulnerabilities in their NAS326 and NAS542 products.

Updates

Hitachi Energy Updates - Hitachi Energy published seven updates for the purpose of rebranding the advisories from “Hitachi/ABB Power Grids” to “Hitachi Energy”.

HPE Update - HPE published an update for their OneView advisory that was originally published on October 25th, 2023.

VMware Update - VMware published an update for their Cloud Director Appliance advisory that was originally published on November 14th, 2023.

Researcher Reports

SEL Report - Nozomi Networks published a report describing five vulnerabilities in the SEL-451 substation bay control device.

Exploits

Loytec Exploit #1 - Chizuru Toyama published an exploit for three vulnerabilities in the Loytec LINX Configurator.

Loytec Exploit #2 - Chizuru Toyama published an exploit for four vulnerabilities in the Loytec LINX Configurator.

 

For more details about these disclosures, including links to researcher reports, 3rd party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-7e2 - subscription required.

Saturday, October 21, 2023

Review – Public ICS Disclosures – Week of 10-14-23 – Part 2

For Part 2 we have 43 more vendor disclosures from Moxa, NI, Philips, QNAP, Rockwell Automation, Ruckus Wireless, Synology, Tanzu (31), VMware (2), WAGO, and Yokogawa. We have three vendor updates for products from Broadcom, HPE, and Moxa. Finally, we have two researcher reports for vulnerabilities in products from Synology and Tideworks.

Advisories

Moxa Advisory #1 - Moxa published an advisory that describes eight vulnerabilities in their TN-5900 and TN-4900 Series Web Server.

NI Advisory - NI published an advisory that describes a stack-based buffer overflow vulnerability in their NI System Configuration product.

Philips Advisory - Philips published an advisory that discusses the Cisco IOS XE Software Web UI privilege escalation vulnerability that was recently added to CISA’s Known Exploited Vulnerabilities Catalog.

QNAP Advisory - QNAP published an advisory that describes an OS command injection vulnerability in their QUSBCam2.

Rockwell Advisory - Rockwell published an advisory that discusses the Cisco IOS XE Software Web UI privilege escalation vulnerability.

Ruckus Advisory - Ruckus published an advisory that describes a cross-site scripting vulnerability in their Cloudpath product.

Synology Advisory - Synology published an advisory that discusses the HTTP2-Rapid-Reset vulnerability.

Tanzu Advisories - Tanzu published 31 advisories that discuss various third-party vulnerabilities.

VMware Advisory #1 - VMware published an advisory that describes two vulnerabilities in their Aria Operations for Logs product.

VMware Advisory #2 - VMware published an advisory that describes three vulnerabilities in their Workstation Pro/Player.

WAGO Advisory - CERT-VDE published an advisory that describes an externally controlled reference to a resource in another sphere.

Updates

Broadcom Update - Broadcom published an update for their Product Security Incident Response Team Contact Information advisory that was originally published on February 7th, 2023.

HPE Update - HPE published an update for their OneView advisory that was originally published on September 14th, 2023.

Moxa Update - Moxa published an update for their TN-5900 and TN-5400 advisory that was originally published August 16th, 2023, and most recently updated on September 4th, 2023.

Reports

Synology Report - Claroty published a report that describes a use of insufficiently random values vulnerability in the Synology DiskStation Manager (DSM).

Tideworks Report - Black Lantern Security published a report that describes two vulnerabilities in the Tideworks Forecast product.

 

For more information about these disclosures, including links to 3rd party advisories, and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-22c - subscription required.

Saturday, August 19, 2023

Review – Public ICS Disclosures – Week of 8-12-23

This week we have 17 vendor disclosures from Aruba Networks, Broadcom, CODESYS, FortiGuard, GE Gas Power, Helmholz, HPE (2), Inductive Automation, Moxa (2), Palo Alto Networks, Red Lion, Rockwell, Ruckus Wireless, Wibu, and Zyxel.

Advisories

Aruba Advisory - Aruba published an advisory that describes two vulnerabilities in their Virtual Intranet Access (VIA) Windows Client.

Broadcom Advisory - Broadcom published an advisory that discusses a type confusion vulnerability in their Brocade Fabric OS product.

CODESYS Advisory - CODESYS published an advisory that discusses a heap-based buffer overflow vulnerability in multiple products.

FortiGuard Advisory - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in their FortiOS product.

GE Gas Power - GE published an advisory that discusses a heap-based buffer overflow vulnerability in their CIMPLICITY product.

Helmholz Advisory - CERT-VDE published an advisory that discusses a cross-site scripting vulnerability in their REX 200 and REX 250 products.

HPE Advisory #1 - HPE published an advisory that discusses 13 vulnerabilities in their HP-UX Web Server Suite Software.

HPE Advisory #2 - HPE published an advisory that discusses two vulnerabilities in their SimpliVity Servers.

Inductive Automation Advisory - Inductive Automation published an advisory that describes six vulnerabilities in their Ignition product.

Moxa Advisory #1 - Moxa published an advisory that describes a use of hard-coded credentials vulnerability in their NPort IAW5000A-I/O Series.

Moxa Advisory #2 - Moxa published an advisory that describes eight vulnerabilities in their TN-5900 and TN-4900 Series Web Server.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses the TunnelCrack vulnerabilities.

Red Lion Europe Advisory - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in the Red Lion mbNET and mbNET/.rokey.

Rockwell Advisory - Rockwell published an advisory that describes three improper input validation vulnerabilities in their ThinManager ThinServer product.

Ruckus Advisory - Ruckus published an advisory that describes three cross-site scripting vulnerabilities in their ICX product line.

Wibu Advisory - Wibu published an advisory that describes a heap-based buffer overflow vulnerability in their CodeMeter Runtime product.

Zyxel Advisory #1 - Zyxel published an advisory that describes an improper handling of exceptions vulnerability in their XGS2220, XMG1930, and XS1930 series switches.

Zyxel Advisory #2 - Zyxel published an advisory that describes an OS command injection vulnerability in their NBG6604 home router.

 

For more information about the disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-810 - subscription required.

Saturday, April 8, 2023

Review – Public ICS Disclosure – Week of 4-1-23

This week we have six vendor disclosures from ABB, Belden, GE Gas Power, Palo Alto Networks, Ruckus Wireless, and Yokogawa. We also have four vendor updates for products from Aruba Networks and CODESYS (3).

Advisories

ABB Advisory - ABB published an advisory that describes an insecure storage of sensitive information in their My Control System (on-premise).

Belden Advisory - Belden published an advisory that describes a privilege escalation vulnerability in their Hirschmann Industrial HiVision product.

GE Advisory – GE Gas Power published an advisory that discusses a path traversal vulnerability in multiple products. This is a third-party (Fortinet) vulnerability.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses the DLL side loading vulnerability utilized by the Rorschach ransomware.

Ruckus Advisory - Ruckus published an advisory that discusses the Framing Frames vulnerability.

Yokogawa Advisory - Yokogawa published an advisory that describes an elevation of privilege vulnerability in their CENTUM Authentication Mode.

Updates

Aruba Update - Aruba published an update for their Framing Frames advisory that was originally published on March 30th, 2023.

CODESYS Update #1 - CODESYS published an update that provides additional information for their runtime system V3 communication server advisory that was originally published on February 23rd, 2023 and most recently updated on March 8th, 2023.

CODESYS Update #2 - CODESYS published an update that provides additional information for their Control V3 advisory that was originally published on February 23rd, 2023 and most recently updated on March 8th, 2023.

CODESYS Update #3 - CODESYS published an update that provides additional information for their Control V3 file access advisory that was originally published on February 23rd, 2023 and most recently updated on March 8th, 2023.

Reports

AMD Reports - Binarily published three reports about vulnerabilities in the SMM Driver On AMD-Based Gigabyte Devices.

 

For more details on these disclosures, including links to 3rd party advisories and a brief description of changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-4-1 - subscription required.

Saturday, February 11, 2023

Review – Public ICS Disclosures – Week of 2-4-23

This week we have eleven vendor disclosures from ABB, Baicells, Dahua, Palo Alto Networks (5), Ruckus, and Zyxel Networks (2). We also have three vendor updates from CONTEC, HPE, and Moxa. Finally, we have thirteen researcher reports on products from Siemens, and Open Design Alliance (12).

NOTE: There have been problems with the NIST NVD CVE listings this morning. They have been slow to load or have not been found. Hopefully this will be corrected in the near future.

Vendor Disclosures

Baicells Advisory - Baicells published an advisory that describes a cross-site scripting vulnerability in their Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices.

Dahua Advisory - Dahua published an advisory that describes an unauthorized modification of device timestamp vulnerability in some of their embedded products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses an improper privilege management vulnerability in SUDO.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that discusses the OpenSSL vulnerabilities disclosed Feb 7, 2023.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes a protection mechanism failure vulnerability in their Cortex XDR agent.

Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an information disclosure vulnerability in their Cortex XDR agent.

Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes a file disclosure vulnerability in their Cortex XSOAR server.

Ruckus Advisory - Ruckus published an advisory that describes a cross-site request forgery vulnerability in multiple products using their AP Web application.

NOTE: Multiple end-of-life products are listed as being affected by this vulnerability.

Zyxel Advisory #1 - Zyxel published an advisory that describes a command injection vulnerability in their firewalls.

Zyxel Advisory #2 - Zyxel published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their APs.

Vendor Updates

CONTEC Update - JP CERT published an update for their Solar View Compact advisory that was originally published on May 26th, 2022 and most recently updated on December 13th, 2022.

HPE Update - HPE published an update for their OneView advisory that was originally published on January 31st, 2023.

Moxa Update - Moxa published an update for their UC Series advisory that was originally published on November 29th, 2023.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-333-04) for this new information.

Researcher Reports

Siemens Report - Otorio published a report describing two vulnerabilities in the Siemens Automation License Manager.

ODA Report #1 - The Zero Day Initiative published a report that describes a memory corruption vulnerability in the ODA Drawing SDK.

ODA Report #2 - ZDI published a report that describes a memory corruption vulnerability in the ODA Drawing SDK.

ODA Report #3 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #4 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #5 - ZDI published a report that describes a heap-based buffer overflow vulnerability in the ODA Drawing SDK.

ODA Report #6 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #7 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #8 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #9 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #10 - ZDI published a report that describes an out-of-bounds write vulnerability in the ODA Drawing SDK.

ODA Report #11 - ZDI published a report that describes a heap-based buffer overflow vulnerability in the ODA Drawing SDK.

ODA Report #12 - ZDI published a report that describes a use-after-free vulnerability in the ODA Drawing SDK.

 

For more details about these disclosures, including links to third-party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-6e9 - subscription required.

Saturday, November 19, 2022

Review – Public ICS Disclosures – Week of 11-12-22

This week we have two new OpenSSL 3.0 vendor disclosures from Eurotech and Ruckus Wireless. There are 24 other vendor disclosures from ABB, BD (2), Genetec, Hitachi Energy (2), HPE (2), Inductive Automation, Insyde (8), Mitsubishi, Moxa, OPC Foundation, Phoenix Contact, Sick (2), and Siemens Healthineers. There are three vendor updates from HPE, Mitsubishi (2), and Palo Alto Networks. Finally, we have an exploit for products from Siemens.

OpenSSL 3.0 Vendor Disclosures

Eurotech published an OpenSSL 3.0 advisory. Eurotech reports that none of their products are affected.

Ruckus Wireless published an OpenSSL 3.0 advisory. Ruckus reports that none of their products are affected.

Vendor Disclosures

ABB Advisory - ABB published an advisory that describes a clear-text storage of credentials vulnerability in their PCM600 tool.

BD Advisory #1 - BD published an advisory that discusses an authentication bypass vulnerability with known exploit in their Kiestra products.

BD Advisory #2 - BD published a Third-Party Software Component End of Support notice for their Alaris products (products available in US are not affected).

Genetec published an advisory that discusses an improper authentication vulnerability in their Sipelia and Mission Control products (and various plugins).

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses a clear-text storage of credentials vulnerability in their IED Connectivity Packages (IED ConnPacks) and PCM600 Products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes an input validation vulnerability in their MicroSCADA Pro/X SYS600 products.

HPE Advisory #1 - HPE published an advisory that describes an unauthorized access vulnerability in their NetBatch-Plus software.

HPE Advisory #2 - HPE published an advisory that describes an authentication bypass vulnerability in their OfficeConnect network switches.

Inductive Automation Advisory - Inductive Automation published an advisory that discusses the Text4Shell vulnerability.

Insyde Advisory #1 - Insyde published an advisory that describes an untrusted pointer vulnerability in their UsbCoreDxe file.

Insyde Advisory #2 - Insyde published an advisory that describes an untrusted input vulnerability in their AhciBusDxe file.

Insyde Advisory #3 - Insyde published an advisory that describes an incorrect pointer check vulnerability in their FwBlockServiceSmm driver.

Insyde Advisory #4 - Insyde published an advisory that describes an incorrect pointer check vulnerability in their NvmExpressDxe driver.

Insyde Advisory #5 - Insyde published an advisory that describes an untrusted pointer vulnerability in their SdHostDriver and SdMmcDevice.

Insyde Advisory #6 - Insyde published an advisory that describes a race condition vulnerability in their UsbCoreDxe.

Insyde Advisory #7 - Insyde published an advisory that describes an initialization function vulnerability in their PnpSmm file.

Insyde Advisory #8 - Insyde published an advisory that describes an input address manipulation vulnerability in their PnpSmm function 0x52 file.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses a denial-of-service vulnerability in multiple consumer products.

Moxa Advisory - Moxa published an advisory that describes an improper authentication vulnerability in their NE-4100T Series.

OPC Foundation Advisory - The OPC Foundation published an advisory that describes a privilege escalation vulnerability in their local discovery server.

Phoenix Contact Advisory - Phoenix Contact published an advisory that describes a denial-of-service vulnerability in their FL MGUARD and TC MGUARD devices.

Sick Advisory #1 - Sick published an advisory that describes an improper authorization vulnerability in their FlexiCompact products.

Sick Advisory #2 - Sick published an advisory that describes six missing authentication for critical function vulnerabilities in their SIM products.

Siemens Healthineers - Siemens published an advisory that describes seven vulnerabilities in their syngo Dynamics servers.

Vendor Updates

HPE Update - HPE published an update for their B-series SAN Switches advisory that was originally published on November 11th, 2022.

Mitsubishi Update #1 - Mitsubishi published an update for their Multiple FA Engineering Software Products advisory that was originally published on July 30th, 2020 and most recently updated on July 28th, 2022.

Mitsubishi Update #2 - Mitsubishi published an update for their Multiple FA Engineering Software Products advisory that was originally published on February 18th, 2021 and most recently updated on July 28th, 2021.

Palo Alto Networks Update - Palo Alto Networks published an update for their Cortex XSOAR advisory that was originally published on November 9th, 2022.

Exploits

Siemens Exploit - Mr me published a Metasploit module for a remote code execution vulnerability in the VMware NSX Manager XStream.


For more information on these disclosures, including links to researcher reports, 3rd party advisories, exploits, and one Russian commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-f60 - subscription required.


Tuesday, December 14, 2021

Review - Public ICS Disclosures - Log4Shell Advisories – 12-14-21

Today I am taking an out-of-band look at ICS vendor disclosures for the Log4Shell vulnerability. I have not looked at my list of medical device vendors for this post; I may look at those later this week. For this post we have 20 vendor disclosures from Aruba, Broadcom, CODESYS, Dell, GE (2), HMS (5), HPE, Hitachi Energy, Johnson Controls, QNAP, Rockwell, Ruckus, SonicWall (update), VMware and Wind River. I am using a slightly different format for this post, separating advisories into four groups: not affected, still looking, affected products list, and mitigation.

Not Affected

CODESYS published a notice that none of their products are affected.

HMS published an advisory reporting that their Argos and HMS Hub web services are not affected.

HMS published an advisory reporting that their Ixxat products are not affected.

Vendors Still Looking at the Vulnerability

GE published a generic Log4Shell advisory.

GE published an advisory.

HMS published an advisory for their Anybus product line.

HMS published an advisory for their WEBfactory product line.

Hitachi Energy published an advisory.

Meinberg published an advisory.

QNAP published an advisory.

Johnson Controls published an advisory.

Vendors With Affected Product Lists

Aruba published an advisory.

HPE published an advisory.

Ruckus published an advisory.  

SonicWall published an update for an advisory that was originally published on December 10th, 2021.

Wind River published an advisory.

Vendors With Mitigation Measures

Broadcom published an advisory.

Dell published an advisory for their Dell Wyse Management Suite.

HMS published an advisory for their EWON products.

Rockwell published an advisory.

VMware published an update for their advisory that was originally published on December 10th, 2021.

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-log4shell - subscription required.

Saturday, July 24, 2021

Review - Public ICS Disclosures – Week of 7-17-21

This week we have seven vendor disclosures from MB connect (3), CODESYS, Dell (2) and Ruckus. We have five researcher reports for products from Schneider Electric, Advantech, and KevinLAB (3).

MB connect Advisory #1 - CERT-VDE published an advisory describing two vulnerabilities in the MB connect mymbCONNECT24 and mbCONNECT24 products.

MB connect Advisory #2 - CERT-VDE published an advisory discussing two vulnerabilities in the MB connect mymbCONNECT24 and mbCONNECT24 products.

MB connect Advisory #3 - CERT-VDE published an advisory describing two vulnerabilities in the MB connect mbDIALUP product.

CODESYS Advisory - CODESYS published an advisory describing a null pointer dereference vulnerability in their EtherNetIP protocol stack.

Dell Advisory #1 - Dell published an advisory discussing a null pointer dereference vulnerability in their Wyse ThinOS product line.

Dell Advisory #2 - Dell published an advisory describing two sensitive item disclosure vulnerabilities in their Wyse ThinOS product line.

Ruckus Advisory - Ruckus published an advisory describing an improper handling of an error condition vulnerability in their SmartZone Controller.

Schneider Report - SEC Consult published a report describing two vulnerabilities in the Schneider Electric EVlink product.

Advantech Report - The Zero Day Initiative published a report describing a lack of authentication vulnerability for the Advantech WebAccess/NMS.

KevinLAB Report #1 - Zero Science published a report describing a path traversal information disclosure vulnerability in the KevinLab Building Energy Management System (BEMS) product.

KevinLAB Report #2 - Zero Science published a report describing an SQL injection vulnerability in the KevinLAB BEMS product.

KevinLAB Report #3 - Zero Science published a report describing a back-door account vulnerability in the KevinLAB BEMS product.

For more details on the vulnerability reports and links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-c10 - subscription required.

Saturday, May 15, 2021

Public ICS Disclosures – Week of 5-8-21, Part 1

This is a busier week than normal, even for a ‘Second Tuesday’ week. We have three vendor notifications for the FragAttacks WiFi vulnerabilities from Aruba, Ruckus, and Texas Instruments. We have two vendor notifications for the two OPC UA vulnerabilities reported this week by NCCIC-ICS from Beckhoff and Belden. We also have twelve other vendor notifications from Braun, SITEL (4), PEPPERL+FUCHS, CODESYS (3), Dell, and PulseSecure (2).

There will be a similarly lengthy list in Part 2 tomorrow.

FragAttacks Advisories

Aruba published an advisory discussing the FragAttacks vulnerabilities. Aruba provides a list of affected products and has new versions that mitigate the vulnerabilities.

Ruckus published an advisory discussing the FragAttacks vulnerabilities. Ruckus provides a list of affected products and has updates that mitigate the vulnerabilities.

TI published an advisory discussing the FragAttacks vulnerabilities. TI provides a list of affected products and has new versions that mitigate the vulnerabilities.

OPC UA Advisories

Beckhoff published an advisory discussing the OPC UA advisories. Beckhoff provides a list of affected products and has new versions that mitigate the vulnerabilities.

Belden published an advisory discussing the OPC UA advisories. Belden provides a list of affected products and has new versions that mitigate the vulnerabilities.

Braun Advisory

Braun published an advisory describing four vulnerabilities in a number of their products. The vulnerabilities were reported by McAfee Advanced Threat Research. Braun has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Insufficient verification of data authenticity,

• Missing authentication for critical function,

• Clear-text transmission of sensitive information, and

• Unrestricted upload of file with dangerous type.

SITEL Advisories

Incibe-Cert published an advisory describing a hard-coded credentials vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing an exposure of sensitive information to an unauthorized actor vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing a clear-text transmission of sensitive information vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Incibe-Cert published an advisory describing an uncontrolled resource consumption vulnerability in the SITEL CAP/PRX products. The vulnerability was reported by S21sec. SITEL has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

PEPPERL+FUCHS Advisory

CERT-VDE published an advisory describing four vulnerabilities in the PEPPERL+FUCHS ICE1 Ethernet IO Modules. These are third-party (Hilscher) vulnerabilities. PEPPERL+FUCHS has provided generic mitigation measures.

The four reported vulnerabilities are:

• Out-of-bounds write (2) - CVE-2021-20987 and CVE-2021-20986,

• Improper restriction of operations within the bounds of a memory buffer - CVE-2021-20988, and

• Exposure of sensitive information to an unauthorized actor - CVE-2019-18222 (Mbed TLS)

CODESYS Advisories

CODESYS published an advisory describing three vulnerabilities in their CODESYS V2 runtime systems. The vulnerabilities were reported by Yossi Reuven of SCADAfence and Sergey Fedonin and Denis Goryushev of Positive Technologies. CODESYS has updates that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Heap-based buffer overflow - CVE-2021-30186,

• Stack-based buffer overflow - CVE-2021-30188, and

• Improper input validation - CVE-2021-30195

CODESYS published an advisory describing six vulnerabilities in their V2 web server. The vulnerabilities were reported by Vyacheslav Moskvin, Sergey Fedonin and Anton Dorfman of Positive Technologies. CODESYS has a new version that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The six reported vulnerabilities are:

• Stack-based buffer overflow - CVE-2021-30189,

• Improper access control - CVE-2021-30190,

• Buffer copy without checking size of input - CVE-2021-30191,

• Improperly implemented security check - CVE-2021-30192,

• Out-of-bounds write - CVE-2021-30193, and

• Out-of-bounds read - CVE-2021-30194

CODESYS published an advisory describing an improper neutralization of special elements used in an OS command vulnerability in their CODESYS V2 Runtime Toolkit 32. This is a Linux implementation vulnerability. The vulnerability was reported by Ivan Kurnakov and Sergey Fedonin of Positive Technologies. CODESYS has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Dell Advisory

Dell published an advisory describing an improper authorization vulnerability in their Dell Wyse Windows Embedded System. The vulnerability was reported by Alessandro Baldini and Alessio D'Anastasio. Dell has updates that mitigate the vulnerability.

PulseSecure Advisories

PulseSecure published an advisory describing an HTTP request smuggling vulnerability in their Virtual Traffic Manager (vTM). The vulnerability was reported by James Kettle from PortSwigger Web Security. PulseSecure has new versions that mitigate the vulnerability. There is no indication that Kettle has been provided an opportunity to verify the efficacy of the fix.

PulseSecure published an advisory describing a buffer overflow vulnerability in their Pulse Connect Secure. PulseSecure provides a work around pending development of a new version that will mitigate the vulnerability.

 