Review – Public ICS Disclosure – Week of 6-18-22

This week we have 27 vendor disclosures from ABB, Aruba Networks, Bosch, Broadcom (9), CODESYS, Hikvision, HPE (2), Moxa, Phoenix Contact, QNAP, Tanzu and WatchGuard (7). We also have six vendor updates from CODESYS (2), HPE (3), and Schneider. Finally, we have two exploits for products from Siemens and SolarView.

ABB Advisory - ABB published an advisory that describes an insufficient file access control vulnerability in their Relion REX640 protection and control relays.

Aruba Advisory - Aruba published an advisory that discusses the TLStorm2.0 vulnerabilities.

Bosch Advisory - Bosch published an advisory that describes 95 vulnerabilities in their PRA-ES8P2S Ethernet-Switch.

Broadcom Advisory #1 - Broadcom published an advisory that discusses a Java compromise vulnerability in their SANnav  products.

Broadcom Advisory #2 - Broadcom published an advisory that describes an insecure password storage vulnerability in the SANnav products.

Broadcom Advisory #3 - Broadcom published an advisory that discusses a Java compromise vulnerability in their SANnav  products.

Broadcom Advisory #4 - Broadcom published an advisory that discusses a Java compromise vulnerability in their SANnav  products.

Broadcom Advisory #5 - Broadcom published an advisory that describes an insecure password storage vulnerability in their SANnav products.

Broadcom Advisory #6 - Broadcom published an advisory that discusses an off-by-one error vulnerability in their SANnav  products.

Broadcom Advisory #7 - Broadcom published an advisory that discusses an observable discrepancy vulnerability in their SANnav  products.

Broadcom Advisory #8 - Broadcom published an advisory that describes a use of static key ciphers vulnerability in in their SANnav products.

Broadcom Advisory #9 - Broadcom published an advisory that discusses a Java compromise vulnerability in their SANnav  products.

CODESYS Advisory - CODESYS published an advisory that describes nine vulnerabilities in their V2 runtime systems.

Hikvision Advisory - Hikvision published an advisory that describes two insufficient input validation vulnerabilities in their Hybrid SAN/Cluster Storage products.

HPE Advisory #1 - HPE published an advisory that describes a disclosure of sensitive information vulnerability in their NonStop DSM/SCM products.

HPE Advisory #2 - HPE published an advisory that describes a weak key exchange vulnerability in their StoreOnce Software.

Moxa Advisory - Moxa published an advisory that discusses an expression language injection vulnerability in the third-party Apache Struts product.

Phoenix Contact Advisory - Phoenix Contact republished an advisory that describes a missing authentication for critical function vulnerability with a known exploit in their ProConOS/ProConOS eCLR PLC runtime system.

QNAP Advisory - QNAP published an advisory that discusses an out-of-bounds write vulnerability with a known exploit in their NAS product.

Tanzu Advisory - Tanzu published an advisory that describes an expression injection vulnerability in their Spring Data MongoDB application.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an arbitrary file read vulnerability in their Firebox and XTM appliances.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS.

Watch Guard Advisory #3 - WatchGuard published an advisory that describes a buffer overflow vulnerability in their Fireware OS.

WatchGuard Advisory #4 - WatchGuard published an advisory that describes a stack-based buffer overflow vulnerability in their Fireware OS.

WatchGuard Advisory #5 - WatchGuard published an advisory that describes an information disclosure vulnerability in their Fireware OS.

WatchGuard Advisory #6 - WatchGuard published an advisory that describes a privilege escalation vulnerability in their Fireware OS.

WatchGuard Advisory #7 - WatchGuard published an advisory that describes an argument injection vulnerability in their Fireware OS.

CODESYS Update #1 - CODESYS published an update for their V2 product advisory that was originally published on June 9^th, 2022.

CODESYS Update #2 - CODESYS published an update for their Control V2 product advisory that was originally published on June 9^th, 2022.

HPE Update #1 - HPE published an update for their ProLiant BL/DL/ML/XL/MicroServer advisory that was originally published on May 10^th, 2022 and most recently updated on May 31^st, 2022.

HPE Update #2 - HPE published an update for their Superdome Flex advisory that was originally published on June 14^th, 2022.

HPE Update #3 - HPE published an update for their Superdome Flex Server advisory that originally published on June 7^th, 2022.

Schneider Update - Schneider published an update for their IGSS advisory that was originally published on June 14^th, 2022.

Siemens Exploit - Steffen Robertz published an exploit for a cross-site scripting vulnerability in the Siemens SINEMA Remote Connect product.

 

For more details on these disclosures, including links to researcher reports, 3^rd party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-6-18 - subscription required.

Review – Public ICS Disclosure – Week of 5-28-22

This week we have ten vendor disclosures from CODESYS (3), Dell, Endress+Hauser, Mitsubishi, Moxa, Software Toolbox (2), and T&D. We also have nine vendor updates from Aruba Networks, CODESYS, Fujitsu, HP, HPE (4), and Palo Alto Networks. There are also two researcher reports for products from Korenix, and Schneider Electric. Finally, we have three exploits published for products from SolarView, and Ingredient Stock Management System (2).

CODESYS Advisory #1 - CODESYS published an advisory that describes two uncontrolled resource consumption vulnerabilities in their CODESYS V3 products containing a CODESYS communication server.

CODESYS Advisory #2 - CODESYS published an advisory that describes a plain-text storage of password vulnerability in their OPC DA Server.

CODEESYS Advisory #3 - CODESYS published an advisory that describes an observable response discrepancy in their Visualization products.

Dell Advisory - Dell published an advisory that describes three vulnerabilities in their Wyse Management Suite (one is a third-party (JQuery) vulnerability.

Endress+Hauser Advisory - CERT VDE published an advisory that discusses eight vulnerabilities in multiple products from Endress +HYauser.

Moxa Advisory - Moxa published an advisory that discusses the DirtyPipe vulnerability.

Software Toolbox Advisory #1 - Software Toolbox published an advisory that discusses a security feature bypass vulnerability in their OPC Quick Client.

Software Toolbox Advisory #2 - Software Toolbox published an advisory that discusses a security feature bypass vulnerability for customers using OPC Classic.

T&D Advisory - T&D published an advisory that describes a directory traversal vulnerability in the T&D Data Server and THERMO RECORDER DATA SERVER.

Aruba Update #1 - Aruba published an update for their Expat XML advisory that was originally published on May 17^th, 2022.

Aruba Update #2 - Aruba published an update for their OpenSSL advisory that was originally published on May 4^th, 2022.

Fujitsu Update - JP CERT published an update for their FUJITSU Network IPCOM advisory that was originally published on  May 19^th, 2022.

CODESYS Update - CODESYS published an update for their Development System V3 advisory that was originally published on July 15^th, 2021 and most recently updated on August 2^nd, 2021.

HP Update - HP published an update for their HP Print Products advisory that was originally published on March 21^st, 2022, and most recently updated on May 3^rd, 2022.

HPE Update #1 - HPE published an update for their Intel Bios advisory that was originally published on May 10^th, 2022.

HPE Update #2 - HPE published an update for their ProLiant DX Servers advisory that was originally published on May 10^th, 2022.

HPE Update #3 - HPE published an update for their Synergy Servers advisory that was originally published on May 10^th, 2022.

HPE Update #4 - HPE published an update for their ProLiant BL/DL/ML/XL/MicroServer that was originally published on May 10^th, 2022.

Palo Alto Networks Update - Palo Alto Networks published an update for their OpenSSL advisory that was originally published on March 31^st, 2022 and most recently updated on May 12^th, 2022.

Korenix Report - SEC Consult published a report describing a backdoor account in the Korenix JetPort serial converter.

Schneider Report - Zero Science published a report describing a remote root exploit vulnerability (with exploit available) in the Schneider C-Bus Automation Controller.

SolarView Exploit - Ahmed Alroky published an exploit for directory traversal vulnerability in the SolarView Compact.

Ingredient Stock Management System Exploit #1 - Saud Alenazi published an exploit for an SQL injection vulnerability in the Ingredient Stock Management System.

Ingredient Stock Management System Exploit #2 - Saud Alenazi published an exploit for an account takeover vulnerability in the Ingredient Stock Management System.

 

For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-5-28 - subscription required.