Showing posts with label SonicWall. Show all posts

Saturday, August 2, 2025

Review – Public ICS Disclosures – Week of 7-26-25 – Part 1

This week we have 11 vendor disclosures from Helmholz, HP, HPE (6), MB Connect, Palo Alto Networks, and SonicWall.

 

Advisories

 

Helmholz Advisory - CERT-VDE published an advisory that describes an improper isolation or compartmentalization vulnerability in the Helmholz REX 200/250 and REX 300 products.

HP Advisory - HP published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their LaserJet Pro printers.

HPE Advisory #1 - HPE published an advisory that discusses 15 vulnerabilities in their HP-UX 11i v3 Tomcat-based Servlet Engine.

HPE Advisory #2 - HPE published an advisory that discusses an improper access control vulnerability in their Telco Intelligent Assurance product.

HPE Advisory #3 - HPE published an advisory that discusses three vulnerabilities (one with a publicly available exploit) in their Telco Service Activator. The first is a third-party vulnerability.

HPE Advisory #4 - HPE published an advisory that discusses 12 vulnerabilities (two with publicly available exploits) in their Telco IP Mediation product. These are third-party vulnerabilities.

HPE Advisory #5 - HPE published an advisory that discusses a use of insufficiently random values vulnerability in their Telco Service Orchestrator software.

HPE Advisory #6 - HPE published an advisory that describes ten vulnerabilities in their Private Cloud AI.

MB Connect Advisory - MB Connect published an advisory that describes an improper isolation or compartmentalization vulnerability in their mbNET/mbNET.rokey and mbNET HW1 products.

Palo Alto Networks Advisory - PAN published an advisory that describes an incorrect privilege assignment vulnerability in their GlobalProtect App.

SonicWall Advisory - SonicWall published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their SMA 100 Series Appliances.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-cd8 - subscription required.

Sunday, July 6, 2025

Review – Public ICS Disclosures – Week of 7-28-25 – Part 2

For Part 2 we have three additional vendor disclosures from Fuji Electronic and Westermo (2). There are also seven vendor updates from Dell, Delta Electronics (3), Palo Alto Networks (2), and SonicWall. Finally, we have two researcher reports for vulnerabilities in products from Hikvision.

Advisories

Fuji Advisory - JP-CERT published an advisory that describes a heap-based buffer overflow vulnerability in the Fuji V-SFT and TELLUS products.

Westermo Advisory #1 - Westermo published an advisory that describes an OS command injection vulnerability in their WeOS 5 product.

Westermo Advisory #2 - Westermo published an advisory that describes an insertion of sensitive information into a log file vulnerability in their WeOS 5 product.

Updates

Dell Update - Dell published an update for their ThinOS advisory that was originally published on March 4th, 2025, and most recently updated on April 7th, 2025.

Delta Update #1 - Delta published an update for their mydeltasolar website advisory that was originally published on November 29th, 2022.

Delta Update #2 - Delta published an update for their iacommunication web page advisory that was originally published on February 10th, 2022.

Delta Update #3 - Delta published an update for their deltaww.com advisory that was originally published on March 9th, 2023.

Palo Alto Networks Update #1 - PAN published an update for their Authenticated Admin Command Injection advisory that was originally published on June 11th, 2025, and most recently updated on June 24th, 2025.

Palo Alto Networks Update #2 - PAN published an update for their Traffic Information Disclosure advisory that was originally published on June 11th, 2025.

SonicWall Update - SonicWall published an update for their SMA100 SSL-VPN advisory that was originally published on December 4th, 2024, and most recently updated on April 29th, 2025.

Researcher Reports

Hikvision Report #1 - VulnCheck published a report about a deserialization of untrusted data vulnerability (with publicly available exploit) in the Hikvision HikCentral product.

Hikvision Report #2 - VulnCheck published a report about a path traversal vulnerability in the Hikvision Streaming Media Management Server.

 

For more information on these disclosures, including links to researcher reports and exploits – see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-ac5 - subscription required.

Sunday, May 4, 2025

Review – Public ICS Disclosures – Week of 4-26-25 – Part 2

For Part 2 this week we have three additional vendor disclosures from Splunk, Western Digital, and Wiesemann and Theis. There are also two vendor updates from Hitachi Energy and Palo Alto Networks. We also have nine researcher reports about vulnerabilities in products from Daikin, HP Wolf, Tesla (6), and SonicWall.

Advisories

Splunk Advisory - Splunk published an advisory that discusses 13+ vulnerabilities (six with publicly available exploits) in their User Behavior Analytics product.

Western Digital Advisory - Western Digital published an advisory that discusses 12 vulnerabilities (six with publicly available exploits) in their My Cloud devices.

Wiesemann Advisory - CERT-VDE published an advisory that describes the use of a broken or risky cryptographic algorithm vulnerability in the Wiesemann and Theis Com-Server products.

Updates

Hitachi Energy Update - Hitachi Energy published an update that provides additional information on their RTU500 series advisory that was originally published on March 25th, 2025.

Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on April 9th, 2025, and most recently updated on April 21st, 2025.

Researcher Reports

Daikin Report - Zero Science published a report that describes an insecure direct object reference vulnerability in the Daikin Security Gateway.

HP Wolf Report - SEC Consult published a report that describes a CSRF vulnerability in the HP Wolf Security Controller, as well as multiple misconfiguration issues.

Tesla Reports - ZDI published six reports about individual vulnerabilities in the Tesla Model S.

SonicWall Report - BishopFox published a report that describes a denial of service vulnerability in the SonicWall Sonic OS product.

 

For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-d05 - subscription required.

Thursday, May 1, 2025

CISA Adds SonicWall Vulnerability to KEV Catalog – 5-1-25

Today CISA added an OS command injection vulnerability in the SonicWall SMA100 Appliances to their Known Exploited Vulnerabilities (KEV) catalog. SonicWall previously disclosed this vulnerability and updated their advisory on Tuesday to note that:

“During further analysis, SonicWall and trusted security partners identified that 'CVE-2023-44221 - Post Authentication OS Command Injection' vulnerability is potentially being exploited in the wild.”

The vulnerability was originally reported by Wenjie Zhong (H4lo) of Webin lab of DBappSecurity. SonicWall reported in 2023 that they had a new version available that mitigated the vulnerability. There are no publicly available exploits reported at NVD.NIST.gov for the vulnerability.

CISA has directed federal agencies using SMA100 Appliances (which includes SMA 200, 210, 400, 410, 500v, according to SonicWall) to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The deadline for accomplishing this has been set as May 22nd, 2025.

Sunday, April 27, 2025

Review – Public ICS Disclosures – Week of 4-19-25 – Part 2

For Part 2 we have two additional vendor disclosures from Trumpf and Zyxel. There are five vendor updates from FortiGuard (2), HPE, Palo Alto Networks, and Rockwell Automation. There are six researcher reports for products from SonicWall and MedDream (5). Finally, we have an exploit for products from OpenSSH.

Advisories

Trumpf Advisory - CERT-VDE published an advisory that discusses an improper restriction of XML external entity reference vulnerability in multiple Trumpf products.

Zyxel Advisory - Zyxel published an advisory that describes two vulnerabilities in their USG FLEX H series firewalls.

Updates

FortiGuard Update #1 - FortiGuard published an update for their RADIUS Protocol advisory that was originally published on August 13th, 2024, and most recently updated on March 14th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their fgfm connection advisory that was originally published on April 8th, 2025, and most recently updated on April 11th, 2025.

HPE Update - HPE published an update for their Cray Data Virtualization Service advisory that was originally published on April 18th, 2025.

Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on April 9th, 2025, and most recently updated on April 11th, 2025.

Rockwell Update - Rockwell published an update for their ThinManager advisory that was originally published on April 15th, 2025.

Researcher Reports

SonicWall Report - BishopFox published a report on a NULL pointer dereference vulnerability in the SonicWall Sonic OS product.

MedDream Reports - ZDI published five reports describing individual vulnerabilities in the MedDream PACS Server.

Exploits

OpenSSH Exploit - Milad Karimi published an exploit for a race condition vulnerability in the OpenSSH server.

 

For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-d2e - subscription required.

Wednesday, April 16, 2025

CISA Adds SonicWall Vulnerability to KEV Catalog – 4-16-25

Today CISA announced that they had added an OS command injection vulnerability in the SonicWall SMA100 Appliances to their Known Exploited Vulnerability (KEV) catalog. SonicWall disclosed the vulnerability in September 2021 and updated the advisory earlier this week, announcing that the vulnerability had reportedly been exploited in the wild. SonicWall also updated the summary and revised the CVSS score to 7.2. The vulnerability was originally reported to SonicWall by Wenxu Yin - Alpha Lab, Qihoo 360 Technology.

CISA is requiring federal agencies using the SMA100 appliances to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” They have provided a deadline of May 7th, 2025.

Tuesday, February 18, 2025

CISA Adds PAN-OS and SonicOS Vulnerabilities to KEV Catalog – 2-18-25

Today CISA announced that it had added operating system vulnerabilities from Palo Alto Networks and SonicWall to their Known Exploited Vulnerabilities (KEV) catalog.

PAN-OS Vulnerability

The PAN-OS vulnerability is a missing authentication for critical function vulnerability. The vulnerability was previously reported by Palo Alto Networks; they have new versions that mitigate the vulnerability. The vulnerability was initially reported by Adam Kues of Assetnote Security Research Team. GreyNoise reported seeing this vulnerability being exploited in the wild last week.

NOTE: I briefly discussed this vulnerability yesterday.

CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for completing these actions is March 11th, 2025.

SonicOS Vulnerability

The SonicOS vulnerability is an improper authentication vulnerability. The vulnerability was previously reported by SonicWall. The vulnerability was initially reported by Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security via the Zero Day Initiative. BishopFox published a technical report on the vulnerability which included proof-of-concept code.

NOTE: I briefly discussed this vulnerability on January 11th, 2025.

CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for completing these actions is March 11th, 2025.

Saturday, January 25, 2025

CISA Adds SonicWall Vulnerability to KEV Catalog – 1-24-25

Yesterday, CISA announced that it had added a deserialization of untrusted data vulnerability in the SonicWall SMA1000 Appliance Management Console to their Known Exploited Vulnerability (KEV) catalog. SonicWall reported the vulnerability earlier this week. SonicWall has a new version that mitigates the vulnerability. CISA has directed all federal agencies using the SMA1000 AMC to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for successfully taking this action is February 14th, 2024.

Review – Public ICS Disclosures – Week of 1-18-25

This week we have seven vendor disclosures from Bosch, CODESYS, Delta Electronics, HPE, Palo Alto Networks, QNAP, and SonicWall. We also have five updates from ABB, FortiGuard (3) and HPE. Finally, we have an exploit for a vulnerability in a product from Forescout.

Advisories

Bosch Advisory - Bosch published an advisory that describes an unquoted service path enumeration vulnerability in their DIVAR IP all-in-one 7000 product.

CODESYS Advisory - CODESYS published an advisory that discusses an observable discrepancy vulnerability with publicly available exploit in the CODESYS Key USB dongle.

Delta Advisory - Delta published an advisory that describes a heap-based buffer overflow vulnerability in their CNCSoft-G2.

HPE Advisory - HPE published an advisory that discusses an inefficient regular expression complexity vulnerability in their Telco Service Orchestrator.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses 20 vulnerabilities (11 with publicly available exploits) in their PAN-OS product.

QNAP Advisory - QNAP published an advisory that discusses six vulnerabilities in their HBS 3 Hybrid Backup Sync product.

SonicWall Advisory - SonicWall published an advisory that describes a deserialization of untrusted data vulnerability that is listed in the CISA Known Exploited Vulnerabilities catalog.

Updates

FortiGuard Advisory #1 - FortiGuard published an update for their Node.js websocket module advisory that was originally published on January 14th, 2025.

FortiGuard Advisory #2 - FortiGuard published an update for their captive portal advisory that was originally published on February 27th, 2024.

FortiGuard Advisory #3 - FortiGuard published an update for their multiple logic flaws advisory that was originally published on January 14th, 2025.

HPE Update - HPE published an update for their RADIUS protocol advisory that was originally published on July 9th, 2024, and most recently updated on October 9th, 2024.

Exploits

Forescout Exploit - Nightsedge published an exploit for a creation of temporary file in directory with insecure permissions vulnerability in the Forescout SecureConnector.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-423 - subscription required.

Saturday, January 11, 2025

Review – Public ICS Disclosures – Week of 1-4-25

This week we have 14 vendor disclosures from ABB, Broadcom, Eaton, HPE (3), ioCharger, Moxa, Palo Alto Networks (2), SonicWall, Splunk (2), and VMware. There are also five vendor updates from Broadcom, HP, and Moxa (3). We also have 13 researcher reports for vulnerabilities in products from ABB (12) and Illumina.

Advisories

ABB Advisory - ABB published an advisory that discusses five vulnerabilities in their AC500 V3 products.

Broadcom Advisory - Broadcom published an advisory that discusses an OS command injection vulnerability in multiple Brocade products.

Eaton Advisory - Eaton published an advisory that discusses the regreSSHion vulnerability.

HPE Advisory #1 - HPE published an advisory that discusses ten vulnerabilities (two with publicly available exploit code) in their SAN Switches.

HPE Advisory #2 - HPE published an advisory that describes two command injection vulnerabilities in their Aruba Networking 501 Wireless Client Bridge.

HPE Advisory #3 - HPE published an advisory that describes a traffic handling vulnerability in their Aruba CX 10000 Switch Series.

ioCharger Advisory - DIVD CERT published an advisory that describes 17 vulnerabilities in the ioCharger vehicle charging stations.

Moxa Advisory - Moxa published an advisory that provides security enhancement instructions for their PT-7528/7728/7828 Series products.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses six vulnerabilities in their Prisma Access Browser.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes five vulnerabilities in their Expedition Migration Tool.

SonicWall Advisory - SonicWall published an advisory that describes four vulnerabilities in the SonicOS product.

Splunk Advisory #1 - Splunk published an advisory that discusses three vulnerabilities in their Splunk Add-on for JBoss.

Splunk Advisory #2 - Splunk published an advisory that describes an improper privilege management vulnerability in their Splunk App for SOAR.

VMware Advisory - Broadcom published an advisory that describes a server-side request forgery vulnerability in their Aria automation product.

Updates

Broadcom Update - Broadcom published an update for their OpenSSH advisory that was originally published on December 9th, 2024.

HP Update - HP published an update for their Intel PROSet/Wireless Wi-Fi advisory that was originally published on November 12th, 2024.

Moxa Update #1 - Moxa published an update for their cellular routers advisory that was originally published on January 3rd, 2025.

Moxa Update #2 - Moxa published an update for their multiple switches advisory that was originally published on June 14th, 2023, and most recently updated on August 2nd, 2023.

Moxa Update #3 - Moxa published an update for their TN-5900 Series advisory that was originally published on October 4th, 2024.

Researcher Reports

ABB Reports - Zero Science published 12 reports of individual vulnerabilities (with publicly available exploits) in the ABB Cylon Aspect building energy management product.

Illumina Report - Eclypsium published a report describing vulnerabilities in the iSeq 100 sequencer device from Illumina.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-f44 - subscription required.

Monday, September 9, 2024

CISA Adds SonicOS Vulnerability to KEV Catalog

Today, CISA added three vulnerabilities to their Known Exploited Vulnerabilities (KEV) Catalog, including CVE-2024-40766, an improper access control vulnerability in the SonicWall SonicOS operating system. SonicWall published their advisory for this vulnerability on August 22nd, and most recently updated it on September 6th, 2024. That update added the notification that “This vulnerability is potentially being exploited in the wild.” SonicWall has new versions that mitigate the vulnerability.

 

CISA is requiring federal agencies using SonicOS to: “Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” This is required to be accomplished by September 30th, 2024. All other organizations using the affected products should consider doing the same.

Saturday, August 24, 2024

Review – Public ICS Disclosures – Week of 8-17-24

This week we have eleven vendor disclosures from Bosch, Dassault Systèmes (3), HPE, Palo Alto Networks, Moxa, Panasonic, Rockwell, SonicWall, and Welotec. There are also three vendor updates from Cisco and HPE.

Advisories

Bosch Advisory - Bosch published an advisory that describes a missing authentication vulnerability in their CPP13 and CPP14 IP cameras.

Dassault Systèmes Advisory #1 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

Dassault Systèmes Advisory #2 – Dassault Systèmes published an advisory that describes a reflected cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator product.

Dassault Systèmes Advisory #3 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

HPE Advisory - HPE published an advisory that discusses nine vulnerabilities in their HPE SimpliVity AMD Servers.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses OpenSSL’s exposure of sensitive information to an unauthorized actor vulnerability.

Moxa Advisory - Moxa published an advisory that discusses the regreSSHion vulnerability. Moxa provides a list of the affected products.

Panasonic Advisory - Panasonic acknowledges a stack-based buffer overflow vulnerability in their Control FPWIN Pro product.

Rockwell Advisory - Rockwell published an advisory that describes three vulnerabilities in their ThinManager ThinServer product.

SonicWall Advisory - SonicWall published an advisory that describes an improper access control vulnerability in their SonicOS product.

Welotec Advisory - CERT-VDE published an advisory that discusses the regreSSHion vulnerability.

Updates

Cisco Update #1 - Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024 and most recently updated on August 2nd, 2024.

Cisco Update #2 - Cisco published an update for their Blast-Radius advisory that was originally published on July 10th, 2024, and most recently updated on August 9th, 2024.

HPE Update - HPE published an update for their ProLiant DL/ML/XL, Synergy, MicroServer, and Edgeline Servers advisory that was originally published on August 13th, 2024.

 

For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-e17 - subscription required. 

Sunday, July 14, 2024

Review – Public ICS Disclosures – Week of 7-6-23 – Part 2

For Part 2 this week, we have 24 vendor updates from Schneider (3) and Siemens (21). There are three researcher reports for products from SonicWall, Synology, and TP-Link. There was one exploit published for products from VMware. Finally, we have an article from Siemens that should be of interest.

Updates

Schneider Update #1 - Schneider published an update for their SAGE RTU advisory that was originally published on June 11th, 2024.

Schneider Update #2 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on February 13th, 2024.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on December 8th, 2020 and most recently updated on February 13th, 2020.

Siemens Update #1 - Siemens published an update for their SIMATIC IPCs advisory that was originally published on September 12th, 2023 and most recently updated on November 14th, 2023.

Siemens Update #2 - Siemens published an update for their Industrial Products advisory that was originally published on May 14th, 2024.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on March 12th, 2024 and most recently updated on June 11th, 2024.

Siemens Update #4 - Siemens published an update for their PROFINET Devices advisory that was originally published on February 11th, 2020 and most recently updated on April 11th, 2024.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 13th, 2024 and most recently updated on June 11th, 2024.

Siemens Update #6 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 19th, 2024.

Siemens Update #7 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on April 9th, 2024.

Siemens Update #8 - Siemens published an update for their OpenSSL (CVE-2022-0778) advisory that was originally published on June 14th, 2022, and most recently updated on May 14th, 2024.

Siemens Update #9 - Siemens published an update for their OPC UA Implementation advisory that was originally published on September 12th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #10 - Siemens published an update for their Industrial Products using Intel CPUs advisory that was originally published on February 14th, 2023, and most recently updated on August 8th, 2023.

Siemens Update #11 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020, and most recently updated on May 14th, 2024.

Siemens Update #12 - Siemens published an update for their SINEMA Remote Connect Server advisory that was originally published on June 14th, 2022.

Siemens Update #13 - Siemens published an update for their PROFINET Devices advisory that was originally published on October 8th, 2018, and most recently updated on May 9th, 2023.

Siemens Update #14 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 9th, 2024, and most recently updated on May 14th, 2024.

Siemens Update #15 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12th, 2022 and most recently updated on June 11th, 2024.

Siemens Update #16 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #17 - Siemens published an update for their SNMP Interface advisory that was originally published on November 23, 2017, and most recently updated on February 8th, 2022.

Siemens Update #18 - Siemens published an update for their TIM 1531 IRC advisory that was originally published on June 11th, 2024.

Siemens Update #19 - Siemens published an update for their PROFINET DCP Implementation advisory that was originally published on May 8th, 2017, and most recently updated on February 8th, 2022.

Siemens Update #20 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on April 9th, 2024 and most recently updated on May 14th, 2024.

Siemens Update #21 - Siemens published an update for their SINEC NMS advisory that was originally published on October 10th, 2023.

Researcher Reports

SonicWall Report - SSD published a report that describes two vulnerabilities in the SonicWall SMA100 platform.

Synology Report - Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC500 cameras.

TP Link Report - Claroty published a report that describes three vulnerabilities in the TP-Link ER605 routers.

Exploits

VMware Exploit - Sina Kheirkhah published an exploit for a command injection vulnerability (that is listed in the CISA Known Exploited Vulnerability Catalog) in the VMware Aria Operations product.

Articles

Siemens Article - Siemens published an article on “RADIUS Advisory and the benefits of ProductCERT’s improved formats”.

 

For additional information about these disclosures, including a brief summary of the changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-86f - subscription required.

Saturday, April 6, 2024

Review – Public ICS Disclosures – Week of 3-30-24

This week we have five vendor disclosures about the XZ Utils vulnerability from Broadcom, Palo Alto Networks, Philips, QNAP, and WatchGuard. We have fourteen additional vendor disclosures from ABB, BD, Broadcom (2), Cisco, Hikvision, HP, HPE (4), Palo Alto Networks, Philips, and VMware. There are four vendor updates from Eaton, HP (2), and HPE. We have five researcher reports for vulnerabilities in products from Open Automation Software (4) and Positron. Finally, we have an exploit for products from Petrol Pump.

XZ Utils Advisories

Broadcom published an advisory that discussed the XZ Utils vulnerability.

Palo Alto Networks published an advisory that discussed the XZ Utils vulnerability.

Philips published an advisory that discussed the XZ Utils vulnerability.

QNAP published an advisory that discussed the XZ Utils vulnerability.

WatchGuard published an advisory that discussed the XZ Utils vulnerability.

Advisories

ABB Advisory - ABB published an advisory that describes an improper input validation vulnerability in the Virtual PNI API in their S+ Engineering product.

BD Advisory - BD published an advisory that discusses an improper privilege management vulnerability in a number of their products.

Broadcom Advisory #1 - Broadcom published an advisory that describes an OS command injection vulnerability in their Brocade Fabric OS product.

Broadcom Advisory #2 - Broadcom published an advisory that describes an origin validation error vulnerability in their Brocade Fabric OS product.

Cisco Advisory - Cisco published an advisory that describes two vulnerabilities in their Emergency Responder product.

Hikvision Advisory - Hikvision published an advisory that describes three vulnerabilities in their NVR devices.

HP Advisory - HP published an advisory that describes an improper access control vulnerability in their CCX devices.

HPE Advisory #1 - HPE published an advisory that discusses eight vulnerabilities (three with known exploits) in their Unified OSS Console Assurance Monitoring product.

HPE Advisory #2 - HPE published an advisory that discusses ten vulnerabilities in their ProLiant DL/ML/SY/RL/XL/Edgeline Servers.

HPE Advisory #3 - HPE published an advisory that describes a privilege escalation vulnerability in their MSA SAN Storage VSS Provider and CAPI Proxy Software.

HPE Advisory #4 - HPE published an advisory that describes an unauthorized access to files vulnerability in their NonStop Web ViewPoint Enterprise software.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses eight third-party vulnerabilities that could be associated with their Prisma SD-WAN ION product.

Philips Advisory - Philips published an advisory that discusses a use-after-free vulnerability in multiple Philips products.

VMware Advisory - VMware published an advisory that describes three vulnerabilities in their SD-WAN Edge and SD-WAN Orchestrator products.

Updates

Eaton Update - Eaton published an update for their Apache Log4j advisory that was originally published on December 14th, 2021 and most recently updated on January 31st, 2022.

HP Update #1 - HP published an update for their OfficeJet Pro advisory that was originally published on March 20th, 2024.

HP Update #2 - HP published an update for their AMD Graphics Driver advisory that was originally published on November 21st, 2023.

HPE Update - HPE published an update for their SimpliVity Servers advisory that was originally published on February 15th, 2024.

Researcher Reports

Open Automation Software Reports - Talos published four reports for individual vulnerabilities in the OAS Platform product.

Positron Report - Zero Science published a report about an authentication bypass vulnerability in the Positron TRA7005 series broadcast signal processor.

Exploits

Petrol Pump Exploit - Sandeep Vishwakarma published an exploit for a file upload vulnerability in the Petrol Pump Management software.

 

For more information on these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-671 - subscription required. 

Saturday, January 20, 2024

Review – Public ICS Disclosures – Week of 6-13-24

This week we have 12 vendor disclosures from Broadcom, Dahua, Hitachi (4), HP, HPE, Insyde, SonicWall, Three R Solutions, and VMware. There are two vendor updates from Palo Alto Networks and Synology. We also have two researcher reports that describe vulnerabilities in products from Synology and Korenix.

Advisories

Broadcom Advisory - Broadcom published an advisory that discusses an out-of-bounds write vulnerability, listed in the CISA Known Exploited Vulnerabilities Catalog, in multiple Brocade products.

Dahua Advisory - JP-CERT published an advisory that describes an authentication bypass vulnerability in multiple Dahua products.

Hitachi Advisory #1 - Hitachi published an advisory that describes two vulnerabilities in their Device Manager.

Hitachi Advisory #2 - Hitachi published an advisory that discusses an allocation of resources without throttling or limits vulnerability in their Tuning Manager product.

Hitachi Advisory #3 - Hitachi published an advisory that discusses an out-of-bounds write vulnerability in multiple Hitachi products.

Hitachi Advisory #4 - Hitachi published an advisory that describes an incorrect default permissions vulnerability in their Tuning Manager product.

HP Advisory - HP published an advisory that discusses seven vulnerabilities in multiple HP products.

HPE Advisory - HPE published an advisory that discusses eight vulnerabilities in their HP-UX Apache Web Server products.

Insyde Advisory - Insyde published an advisory that discusses nine vulnerabilities in their EDK2 NetworkPkg IP stack.

SonicWall Advisory - SonicWall published an advisory that describes a stack-based buffer overflow vulnerability in their Capture Client and NetExtender Client Windows products.

Three R Solutions Advisory - JP-CERT published an advisory that describes an insufficient technical documentation vulnerability in the Three R Solutions Thermal camera TMC series products.

VMware Advisory - VMware published an advisory that describes a missing access control vulnerability in their Aria Automation products.

Updates

Palo Alto Networks Update - Palo Alto Networks published an update for their Terrapin-Attack vulnerability that was originally published on January 8th, 2024.

Synology Update - Synology published an update for their DiskStation Manager advisory that was originally published on January 9th, 2024.

Researcher Reports

Synology Report - Claroty published a report describing an inadequate data validation vulnerability in the Synology RT6600ax routers.

Korenix Report - CyberDanube published a report describing two vulnerabilities in the Korenix JetNet Series industrial switch.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-7a6 - subscription required. 

Saturday, October 22, 2022

Review – Public ICS Disclosures – Week of 10-15-22

This week we have fourteen vendor disclosures from Bosch (2), Broadcom, GE Grid Solutions, HP, Meinberg, Milestone, Siemens, SonicWall, Tanzu, TRUMPF, WAGO (2), and Yokogawa Test and Measurement. We also have a vendor update from HPE. Finally, we have an exploit for products from Tanzu.

Bosch Advisory #1 - Bosch published an advisory that discusses an improper validation of integrity check value vulnerability in their Bosch DSA E2800 products.

Bosch Advisory #2 - Bosch published an advisory that describes two cross-site scripting vulnerabilities in their VIDEOJET multi 4000.

Broadcom Advisory - Broadcom published an advisory that discusses the Text4Shell vulnerability.

GE Grid Solutions Advisory - GE Grid Solutions published an advisory that describes vulnerabilities in their MS 3000 Transformers monitoring system.

HP Advisory - HP published an advisory that discusses a PCR measurement vulnerability in multiple HP products.

Meinberg Advisory - Meinberg published an advisory that discusses two vulnerabilities (both with publicly available exploits) in their LANTIME firmware.

Milestone Advisory - Milestone published an advisory that discusses an authentication bypass vulnerability in their Mobile Server.

Siemens Advisory - Siemens published an advisory that describes an authentication bypass vulnerability in their Siveillance Video Mobile Server.

SonicWall Advisory - SonicWall published an advisory that discusses the Text4Shell vulnerability.

Tanzu Advisory #1 - Tanzu published an advisory that describes an HTTP request forgery vulnerability in their Spring Data REST.

Tanzu Advisory #2 - Tanzu published an advisory that describes an information disclosure vulnerability in their Reactor Netty HTTP Server.

TRUMPF Advisory - CERT-VDE published an advisory that describes an improper access control vulnerability in multiple TRUMPF products.

WAGO Advisory #1 - CERT-VDE published an advisory that discusses fourteen vulnerabilities in the WAGO 750 series controllers and WAGO-I/O-PRO.

WAGO Advisory #2 - CERT-VDE published an advisory that describes an expected behavior violation vulnerability in multiple WAGO products.

Yokogawa Advisory - Yokogawa Test and Measurement published an advisory that describes a buffer overflow vulnerability in their WTViewerE.

HPE Update - HPE published an update for their ProLiant Servers advisory that was originally published on May 18th, 2022.

Tanzu Exploit - Ayan Saha published a Metasploit module for a code injection vulnerability in the Tanzu Spring Cloud Gateway.

 

For more details on these disclosures, including links to third-party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-1b0 - subscription required.


Saturday, July 23, 2022

Review – Public ICS Disclosures – Week of 7-16-22

This week we have ten vendor disclosures from Dell, Eaton, Flexera, Honeywell, HP, HPE (2), Rockwell, and SonicWall. We also have four vendor updates from Aruba Networks (2), Fujitsu, and HP. Finally, we have one researcher report for products from Schneider Electric.

Dell Advisory - Dell published an advisory that discusses 28 vulnerabilities (two with known exploits) in their Wyse Management Suite.

Eaton Advisory - Eaton published an advisory that describes an unrestricted file upload vulnerability in their Foreseer software.

Flexera Advisory - Flexera published an advisory that discusses the log4j remote code execution vulnerability (CVE-2021-44832).

Honeywell Advisory - Honeywell published an end-of-life notice for their equIP® Series IP Cameras, Performance Series IP and HQA Cameras, and Performance Series NVRs, and DVR.

HP Advisory - HP published an advisory that discusses seven vulnerabilities in their UEFI Secure Boot Database.

HPE Advisory #1 - HPE published an advisory that describes a disclosure of sensitive information vulnerability in their OneView product.

HPE Advisory #2 - HPE published an advisory that discusses an endless loop vulnerability in their NonStop products.

Rockwell Advisory - Rockwell published an advisory that discusses the SpringShell vulnerability in their FactoryTalk Analytics DataView product.

SonicWall Advisory - SonicWall published an advisory that describes an SQL injection vulnerability in their GMS and Analytics products.

Aruba Update #1 - Aruba published an update for their OpenSSL advisory that was originally published on May 4th, 2022 and most recently updated on June 1st, 2022.

Aruba Update #2 - Aruba published an update for their Expat XML advisory that was originally published on May 17th, 2022 and most recently updated on July 7th, 2022.

Fujitsu Update - Fujitsu published an update for their ETERNUS CS8000 advisory that was originally published on June 1st, 2022.

HP Update - HP published an update for their Jumpstart advisory that was originally published on May 10th, 2022.

Schneider Report - Zero Science Labs published a report describing an OS command injection vulnerability in the Schneider SpaceLogic C-Bus Home Automation System.

 

For more details on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-c9a - subscription required.

Saturday, July 16, 2022

Review – Public ICS Disclosures – Week of 7-9-22 – Part 1

For a 2nd Tuesday weekend there is just a moderate number of disclosures, but I will still need to do two parts to keep these post sizes reasonable. So, for Part 1 this week we have 22 vendor disclosures from ABB, Bentley (7), Broadcom, Flexera, Hitachi Energy (2), Lenze, HP, QNAP, Rockwell Automation, SonicWall, VMware (3), and Western Digital (2).

NOTE: NVD.NIST.gov is now specifically identifying when a CVE is listed in CISA's Known Exploited Vulnerabilities Catalog.

ABB Advisory - ABB published an advisory that describes a path traversal vulnerability in ABB flow computer and remote controller products.

Bentley Advisory #1 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #2 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #3 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #4 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #5 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #6 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Broadcom Advisory - Broadcom published an advisory that describes a deserialization of untrusted data vulnerability in their com.alibaba:fastjson JSON parser package.

Flexera Advisory - Flexera published an advisory that discusses two recent Microsoft vulnerabilities (CVE-2022-30190 and CVE-2022-30136).

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses thirteen vulnerabilities (three with known exploits) in their MSM high-voltage switchgear monitoring system.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes two vulnerabilities in their MSM high-voltage switchgear monitoring system.

Lenze Advisory - CERT-VDE published an advisory that describes a missing critical step in authentication vulnerability in the Lenze machine controller.

HP Advisory - HP published an advisory that discusses the RETbleed vulnerabilities in their Wolf Security software.

QNAP Advisory - QNAP published an advisory that discusses the Checkmate ransomware that appears to be targeting QNAP products with SMB services exposed to the internet.

Rockwell Advisory - Rockwell published an advisory that discusses a Chrome type confusion vulnerability in multiple products.

SonicWall Advisory - SonicWall published an advisory that discusses an OS command injection vulnerability in their products.

VMware Advisory #1 - VMware published an advisory that describes a server-side request forgery vulnerability in their vCenter Server.

VMware Advisory #2 - VMware published an advisory that describes two cross-site scripting vulnerabilities in their vRealize Log Insight product.

VMware Advisory #3 - VMware published an advisory that describes four vulnerabilities in their ESXi and Cloud Foundation products.

Western Digital Advisory #1 - Western Digital published an advisory that discusses three NULL pointer dereference vulnerabilities in their EdgeRover application.

Western Digital Advisory #2 - Western Digital published an advisory that discusses 44 vulnerabilities in their My Cloud Home devices.

 

For more details on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-9bc - [7-16-22 10:23 EDT, added link] subscription required.

Saturday, March 26, 2022

Review – Public ICS Disclosures – Week of 3-19-22

This week we have fourteen vendor disclosures from Baxter, Bosch, Endress+Hauser, HP (2), Moxa, Philips, Phoenix Contact (2), SonicWall, Splunk, VMware, and Western Digital (2). We also have five vendor updates from HP (2), Mitsubishi, Spacelabs, and Yokogawa. Finally, we have two researcher reports for vulnerabilities in products from Integrated Control Technology (2).

Baxter Advisory - Baxter published an advisory discussing the Access:7 vulnerabilities.

Bosch Advisory - Bosch published an advisory discussing an improper restriction of XML external entity reference vulnerability in their Fire Monitoring System products.

Endress+Hauser Advisory - CERT VDE published an advisory discussing an out-of-bounds write vulnerability in a number of Endress+Hauser products.

HP Advisory #1 - HP published an advisory discussing a denial-of-service/RCE vulnerability in a number of their corporate printer products.

HP Advisory #2 - HP published an advisory describing a buffer overflow vulnerability in a number of their corporate printer products.

Moxa Advisory - Moxa published an advisory discussing a default password vulnerability in unnamed products.

Philips Advisory - Philips published an advisory discussing a Windows® IKE Extension vulnerability.

Phoenix Contact Advisory #1 - Phoenix Contact published an advisory discussing two vulnerabilities with publicly available exploits in their PLCnext Technology Toolchain and FL Network Manager products.

Phoenix Contact Advisory #2 - Phoenix Contact published an advisory discussing fifteen vulnerabilities with publicly available exploits in their PROFINET software development kit (SDK).

SonicWall Advisory - SonicWall published an advisory describing a stack-based buffer overflow vulnerability in their SonicOS.

Splunk Advisory - Splunk published an advisory describing an out-of-bounds read vulnerability in their Enterprise products.

Commentary – It seems like Claroty is going to continue to look at vulnerabilities in the cybertools used by security researchers. Their first report in this area was on vulnerabilities in Wireshark products though they did not publicly report on those vulnerabilities. It seems that the folks developing security tools are subject to the same software development problems that researchers find in industrial control systems.

VMware Advisory - VMware published an advisory describing two vulnerabilities in their Carbon Black App Control.

Western Digital Advisory #1 - Western Digital published an advisory discussing an out-of-bounds read/write vulnerability with publicly available exploits in their My Cloud OS 5 devices.

Western Digital Advisory #2 - Western Digital published an advisory discussing seven vulnerabilities (including 1 publicly available exploit) in their My Cloud products.

HP Update #1 - HP published an update for their UEFI firmware advisory that was originally published on February 2nd, 2022.

HP Update #2 - HP published an update for the PC BIOS advisory that was originally published on March 8th, 2022.

Mitsubishi Update - Mitsubishi published an update for their FragAttacks advisory that was originally published on September 2nd, 2021.

Spacelabs Update - Spacelabs published an update for their Access:7 advisory that was originally published on March 15th, 2021.

Yokogawa Update - Yokogawa published an update for their license function advisory that was originally published on January 14th, 2022.

ICT Reports - Zero Science published two reports about vulnerabilities (with publicly available exploits) in the ICT Protege GX integrated access control, intrusion detection and building automation solution.

 

For more details about these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-db0 - subscription required.

Saturday, January 15, 2022

Review - Public ICS Disclosure – Week of 1-8-22 – Part 1

This week, as we have come to expect for the Saturday after 2nd Tuesday, we have a full slate of ICS disclosures, including more Log4Shell disclosures, that will take multiple posts to deal with. In Part 1 we have fourteen vendor disclosures from Belden, Blackberry, Dynalite, Hitachi Energy, HPE, Moxa, Palo Alto Networks (4), QNAP (3), and Yokogawa. There is also an update from HPE. There were also two researcher reports for products from IDEMIA and ODA. Finally, we have an exploit for products from SonicWall.

Part 2 of this post will address the Schneider advisories and updates that were published on Tuesday as well as the Siemens updates that were not addressed by NCCIC-ICS this week.

Belden Advisory - Belden published an advisory describing six vulnerabilities in their Tofino and Eagle products.

BlackBerry Advisory - BlackBerry published an advisory describing an elevation of privilege vulnerability in their QNX Neutrino Kernel.

Dynalite Advisory - Dynalite published an advisory discussing two vulnerabilities in their DDNG-BACnet gateway and in Niagara SOFTJACE products.

Hitachi Energy Advisory - Hitachi Energy published an advisory discussing four vulnerabilities in their e-mesh™ Energy Management System (EMS) Product.

HPE Advisory - HPE published an advisory describing a remote access vulnerability in their Ezmeral Data Fabric.

Moxa Advisory - Moxa published an advisory describing four vulnerabilities in their VPort 06EC-2V Series and VPort 461A Series IP Cameras and Video Servers.

Palo Alto Advisory #1 - Palo Alto published an advisory that describes an uncontrolled search path element vulnerability in their Cortex XDR Agent.

Palo Alto Advisory #2 - Palo Alto published an advisory that describes an untrusted search path element vulnerability in their Cortex XDR Agent.

Palo Alto Advisory #3 - Palo Alto published an advisory describing a link following vulnerability in their Cortex XDR Agent.

Palo Alto Advisory #4 - Palo Alto published an advisory describing a file and directory information exposure vulnerability in their Cortex XDR Agent.

Phoenix Contact Advisory - Phoenix Contact published an advisory discussing the NUCLEUS:13 vulnerabilities in their BLUEMARK X1 / LED / CLED printers.

QNAP Advisory #1 - QNAP published an advisory describing a remote code execution vulnerability in their QTS and QuTS hero products.

QNAP Advisory #2 - QNAP published an advisory describing five separate classic buffer overflow vulnerabilities in their QVR Elite, QVR Pro, and QVR Guard products.

QNAP Advisory #3 - QNAP published an advisory describing two vulnerabilities in their QcalAgent.

Yokogawa Advisory - Yokogawa published an advisory discussing a link following vulnerability in the license function in Yokogawa products.

HPE Update - HPE published an update for their Integrated Lights-out 4 advisory that was originally published on August 23rd, 2017.

IDEMIA Report - Positive Technologies published a report of a TLS bypass vulnerability in biometric identification products from IDEMIA.

ODA Report - ZDI published a report describing a JPG File Parsing Memory Corruption in the Open Design Alliance (ODA) Drawings Explorer.

SonicWall Exploit - jbaines-r7 published a Metasploit module for a command injection vulnerability in the SonicWall SMA 100 Series.

For more details on the above disclosures, including links to 3rd party advisories and vulnerability exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-1-8 - subscription required.

 