Showing posts with label mySCADA. Show all posts

Sunday, February 8, 2026

Review – Public ICS Disclosures – Week of 1-31-26 – Part 2

For Part 2 we have four additional vendor disclosures from Sick (3) and Zyxel. There are seven vendor updates from Broadcom (3), ELECOM (2), HPE, and Moxa. Finally, we have an exploit for products from MySCADA.

Advisories

Sick Advisory #1 - Sick published an advisory that describes 15 vulnerabilities in their TDC-X401GL telematic data collector.

Sick Advisory #2 - Sick published an advisory that describes 12 vulnerabilities (one with publicly available exploit) in their Incoming Goods Suite.

Sick Advisory #3 - Sick published an advisory that discusses an out-of-bounds read vulnerability in their nanoScan3 and microScan3 products.

Zyxel Advisory - Zyxel published an advisory that describes an OS command injection vulnerability in their ZLD firewalls.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric advisory that was originally published on January 27th, 2026.

Broadcom Update #2 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on January 27th, 2026.

Broadcom Update #3 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on January 27th, 2026.

ELECOM Update #1 - JPCERT published an update for their ELECOM wireless LAN routers advisory that was originally published on August 27th, 2024, and most recently updated on February 12th, 2025.

ELECOM Update #2 - JPCERT published an update for their ELECOM wireless LAN routers advisory that was originally published on March 26th, 2024, and most recently updated on November 26th, 2024.

HPE Update - HPE published an update for their HPE ProLiant DL/ML/XD, Alletra, and Synergy Servers advisory that was originally published on December 12th, 2025, and most recently updated on January 5th, 2026.

Moxa Update - Moxa published an update for their Diffie-Hellman Key Exchange Protocol advisory that was originally published on June 2nd, 2025, and most recently updated on January 5th, 2026.

Exploits

MySCADA Exploit - Indoushka published an exploit for an OS command injection vulnerability in the MySCADA MyPRO Manager product.

Wednesday, February 19, 2025

Review – Public ICS Disclosures – Week of 2-8-25 – Part 3

For Part 3 we have eight additional vendor disclosures from ABB, Schneider (4) and WatchGuard (3). We also have 25 vendor updates from Broadcom (9), Elecom (3), FortiGuard (2), Schneider (2), and Siemens (9). There are 11 researcher reports of vulnerabilities in products from ABB (9), CMU-CERT, and Wattsense. Finally, we have three exploits for vulnerabilities in products from ABB (2) and mySCADA.

Advisories

ABB Advisory - ABB published an advisory that describes three vulnerabilities (one with publicly available exploit) in their FLXeon Controllers.

Schneider Advisory #1 - Schneider published an advisory that describes four vulnerabilities in their ASCO 5310 / 5350 Remote Annunciator.

Schneider Advisory #2 - Schneider published an advisory that describes an improper input validation vulnerability in their Uni-Telway driver.

Schneider Advisory #3 - Schneider published an advisory that describes an improper privilege management vulnerability in their EcoStruxure Process Expert products.

Schneider Advisory #4 - Schneider published an advisory that describes three improper input validation vulnerabilities in their Enerlin’X IFE and eIFE ethernet connectors for circuit breakers.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an improper input validation vulnerability in their Fireware OS.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS.

WatchGuard Advisory #3 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS.

Updates

Broadcom Update #1 - Broadcom published an update for their SNMP commands advisory that was originally published on July 30th, 2024.

Broadcom Update #2 - Broadcom published an update for their SNMP passwords advisory that was originally published on July 30th, 2024, and most recently updated on September 3rd, 2024.

Broadcom Update #3 - Broadcom published an update for their third-party SANnav vulnerabilities advisory that was originally published on October 14th, 2024, and most recently updated on January 7th, 2025.

Broadcom Update #4 - Broadcom published an update for their third-party Brocade Fabric OS advisory that was originally published on September 26th, 2024, and most recently updated on November 12th, 2024.

Broadcom Update #5 - Broadcom published an update for their OpenSSH advisory that was originally published on December 9th, 2024, and most recently updated on January 7th, 2025.

Broadcom Update #6 - Broadcom published an update for their third-party Brocade ASCG vulnerabilities advisory that was originally published on January 7th, 2025.

Broadcom Update #7 - Broadcom published an update for their OpenSSL file names advisory that was originally published on August 1st, 2024.

Broadcom Update #8 - Broadcom published an update for their regreSSHion advisory that was originally published on July 15th, 2024.

Broadcom Update #9 - Broadcom published an update for their LESSCLOSE advisory that was originally published on November 12th, 2024.

Elecom Update #1 - JP-CERT published an update for the Elecom wireless LAN router advisory that was originally published on July 30th, 2024, and most recently updated on August 27th, 2024.

Elecom Update #2 - JP-CERT published an update for the Elecom and LOGITEC network devices advisory that was originally published on August 10th, 2023, and most recently updated on August 27th, 2024.

Elecom Update #3 - JP-CERT published an update for the Elecom wireless LAN routers advisory that was originally published on August 27th, 2024, and most recently updated on November 26th, 2024.

FortiGuard Update #1 - FortiGuard published an update for their regreSSHion advisory that was originally published on July 9th, 2024, and most recently updated on December 19th, 2024.

FortiGuard Update #2 - FortiGuard published an update for their authentication bypass in Node.js advisory that was originally published on January 14th, 2025, and most recently updated on January 24th, 2025.

Schneider Update #1 - Schneider published an update for their FlexNet Publisher advisory that was originally published on January 14th, 2025.

Schneider Update #2 - Schneider published an update for their Modicon Controllers advisory that was originally published on May 14th, 2019, and most recently updated on July 9th, 2024.

Siemens Update #1 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12th, 2024, and most recently updated on September 10th, 2024.

Siemens Update #2 - Siemens published an update for their OpenSSL (CVE-2022-0778) advisory that was originally published on June 14th, 2022, and most recently updated on July 9th, 2024.

Siemens Update #3 - Siemens published an update for their FortiGate NGFW advisory that was originally published on July 9th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #4 - Siemens published an update for their TCP Event Service advisory that was originally published on October 11th, 2022, and most recently updated on March 14th, 2024.

Siemens Update #5 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023, and most recently updated on January 14th, 2025.

Siemens Update #6 - Siemens published an update for their Palo Alto Networks PAN-OS advisory that was originally published on November 22nd, 2024.

Siemens Update #7 - Siemens published an update for their Industrial Real-Time Devices advisory that was originally published on October 8th, 2019, and most recently updated on September 10th, 2024.

Siemens Update #8 - Siemens published an update for their SINEC Traffic Analyzer advisory that was originally published on June 11th, 2025.

Siemens Update #9 - Siemens published an update for their Filesystem Access advisory that was originally published on January 14th, 2025.

Researcher Reports

ABB Reports - Zero Science published seven reports about vulnerabilities in the ABB Cylon FLXeon building energy management system.

CMU-CERT Report - Zero Science published a report about a stored cross-site scripting vulnerability in CMU-CERT’s Vulnerability Information and Coordination Environment (VINCE).

Wattsense Report - SEC Consult published a report that describes four vulnerabilities in the Wattsense Bridge.

Exploits

ABB Exploit #1 – LiquidWorm published an exploit for a session fixation vulnerability in the ABB Cylon Aspect building energy management system.

ABB Exploit #2 - LiquidWorm published an exploit for an uncontrolled resource consumption vulnerability in the ABB Cylon FLXeon building automation system.

mySCADA Exploit - Michael Heinzl published an exploit for an OS command injection vulnerability in the mySCADA myPRO Manager.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-b1d - subscription required. 

Thursday, January 23, 2025

Review – 6 Advisories Published – 1-23-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from HMS, Schneider (3), Hitachi Energy, and mySCADA.

Advisories

HMS Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the HMS EWON Flexy 202 IIoT data gateway.

Schneider Advisory #1 - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the Schneider EcoStruxure Power Build Rapsody.

Schneider Advisory #2 - This advisory describes an improper privilege-management vulnerability in the Schneider Easergy Studio products.

Schneider Advisory #3 - This advisory describes a cleartext storage of sensitive information vulnerability in the Schneider EVlink Home Smart and Schneider Charge charging stations.

Hitachi Energy Advisory - This advisory describes an improperly implemented security check for standard vulnerability in the Hitachi Energy RTU500 series products.

MySCADA Advisory - This advisory describes two OS command injection vulnerabilities in the mySCADA myPRO products.

 

For more information on these vulnerabilities (four of which have been previously reported here), including a down-the-rabbit-hole look at the coordination process, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-25 - subscription required.

Thursday, November 21, 2024

Review – 7 Advisories Published – 11-21-24

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from mySCADA, Schneider (4), CODESYS, and Carrier.

Advisories

mySCADA Advisory - This advisory describes five vulnerabilities in the mySCADA myPRO Manager products.

Schneider Advisory #1 - This advisory describes an uncontrolled resource consumption vulnerability in the Schneider PowerLogic PM5300 series energy meters.

Schneider Advisory #2 - This advisory describes a missing authentication vulnerability in the Schneider EcoStruxure IT Gateway.

Schneider Advisory #3 - This advisory describes an improper input validation vulnerability in the Schneider Modicon M340, MC80, and Momentum Unity M1E products.

CODESYS Advisory - This advisory describes an out-of-bounds read vulnerability in the CODESYS OSCAT Basic Library.

Carrier Advisory - This advisory describes two vulnerabilities in the Carrier (Automated Logic subsidiary) WebCTRL Premium Server.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-11-21-24 - subscription required.

Saturday, August 3, 2024

Review – Public ICS Disclosures – Week of 8-27-24

This week we have six vendor disclosures for the regreSSHion vulnerability from Cisco, Eaton, Helmholtz, HPE, Moxa, and Red Lion. We have nine additional vendor disclosures from ABB, Broadcom (4), HP, HPE (2), and Western Digital. There are also four vendor updates from Broadcom, Cisco, Hitachi Energy, and HPE. We also have two researcher reports for products from FortiGuard and Pioneer. Finally, we have an exploit for products from mySCADA.

RegreSSHion Advisories

Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024 and most recently updated on July 26th, 2024.

Eaton published an advisory that announces that Eaton is investigating the vulnerability, but notes that for most Eaton products, SSH service is disabled by default.

Helmholtz – CERT-VDE published an advisory that provides a list of affected products and fixed versions.

HPE published an update for their regreSSHion advisory that was originally published on July 10th, 2024.

Moxa published an advisory that provides a list of affected and fixed products.

Red Lion Europe – CERT-VDE published an advisory that provides a list of affected products and fixed versions.

Advisories

ABB Advisory - ABB published an advisory that discusses an insufficiently protected credentials vulnerability in their Automation Builder product.

Broadcom Advisory #1 - Broadcom published an advisory that discusses five vulnerabilities (3 with exploits available) in their Brocade Fabric OS.

Broadcom Advisory #2 - Broadcom published an advisory that discusses nine vulnerabilities (2 with exploit code available) in multiple Broadcom products.

Broadcom Advisory #3 - Broadcom published an advisory that describes a command injection vulnerability in their Brocade 6547 (FC5022) embedded switches.

Broadcom Advisory #4 - Broadcom published an advisory that describes a plain-text storage of passwords vulnerability in their Brocade FabricOS.

HMS Advisory - HMS published an advisory that describes six vulnerabilities in their Cosy+ product line.

HP Advisory - HP published an advisory that discusses 214 vulnerabilities in their ThinPro products.

HPE Advisory #1 - HPE published an advisory that discusses 16 vulnerabilities (5 with publicly available exploits) in their Fiber Channel and SAN Switches.

HPE Advisory #2 - HPE published an advisory that discusses four vulnerabilities (one with publicly available exploits) in their Aruba ClearPass Policy Manager product.

Western Digital Advisory - Western Digital published an advisory that describes a code injection vulnerability in their Discovery Desktop App.

Updates

Broadcom Update - Broadcom published an update for their Azul Zulu advisory that was originally published on July 26th, 2024.

Cisco Update - Cisco published an update for their RADIUS Protocol Spoofing advisory that was originally published on July 10th, 2024 and most recently updated on July 29th, 2024.

Hitachi Energy Update - Hitachi Energy published an update for their IED ConnPacks advisory that was originally published on November 15th, 2022 and most recently updated on June 25th, 2024.

HPE Update - HPE published an update for their Telecommunication Management Information Platform advisory that was originally published on December 12th, 2024.

Researcher Reports

FortiGuard Report - IOActive published a report describing a cross-site scripting vulnerability in the FortiGuard SSL VPN web UI.

Pioneer Report - ZDI published three reports of individual vulnerabilities in the Pioneer DMH-WT7600NEX automotive media center.

Exploits

MySCADA Exploit - Michael Heinzl published a Metasploit module for an OS command injection vulnerability in the mySCADA MyPro product.

 

For more details about these disclosures, including links to 3rd party vendors, see my article at CFSN Detailed analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-dae - subscription required.

Tuesday, July 2, 2024

Review – 3 Advisories and 4 Updates Published

Today, CISA’s NCCIC-ICS published three control system security advisories for products from ICONICS, mySCADA, and Johnson Controls. They also updated advisories for products from Johnson Controls.

Advisories

ICONICS Advisory - This advisory discusses five vulnerabilities (one with known exploit) in the ICONICS product suite.

mySCADA Advisory - This advisory describes a use of hard-coded credentials vulnerability in the mySCADA myPRO product.

Johnson Controls Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Johnson Controls Kantech KT series door controllers.

Updates

Johnson Controls Update #1 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27th, 2024.

Johnson Controls Update #2 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27th, 2024.

Johnson Controls update #3 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27th, 2024.

Johnson Controls Update #4 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27th, 2024.

 

For more information on these advisories, including links to 3rd party advisories, exploits, and a brief look at the timing of the Johnson Controls updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-4-updates-published-026 - subscription required.

Thursday, April 6, 2023

Review - 6 Advisories and 1 Update Published – 4-6-23

Today, CISA’s NCCIC-ICS published six control system security advisories for products from mySCADA Technologies, Hitachi Energy, Korenix, JTEKT (2), and Industrial Control Links. They also updated an advisory for products from Rockwell Automation.

Advisories

mySCADA Advisory - This advisory describes five OS command injection vulnerabilities in the mySCADA myPRO products.

Hitachi Energy Advisory - This advisory describes five vulnerabilities in their MicroSCADA System Data Manager SDM600 Product.

Korenix Advisory - This advisory describes three vulnerabilities in the Korenix Jetwave industrial wireless gateways.

JTEKT Advisory #1 - This advisory describes three vulnerabilities in the JTEKT Kostac PLC Programming Software.

JTEKT Advisory #2 - This advisory describes seven vulnerabilities in the JTEKT Screen Creator Advance product.

Industrial Control Link Advisory - This advisory describes an external control of file name or path vulnerability in the ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices.

NOTE: I previously reported on the vulnerabilities listed in five of the six advisories

Updates

Rockwell Update - This update provides additional information on an advisory that was originally published on February 20th, 2020.

 

For more details on these advisories, including links to my earlier reports, vendor advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-7aa - subscription required.

Saturday, September 10, 2022

Review – Public ICS Disclosures – Week of 9-3-22

This week we have twelve vendor disclosures from Aruba Networks, Helmholz (2), Hitachi, Hitachi Energy (3), HP, MB Connect (2), QNAP and Wireshark. We also have ten vendor updates from HPE (2), MB Connect, and Schneider (7). Finally, we have four researcher reports for products from mySCADA, Berghof, Honeywell, and Tesla.

Aruba Advisory - Aruba published an advisory that describes fourteen vulnerabilities in their ClearPass Policy Manager.

Helmholz Advisory #1 - CERT-VDE published an advisory that describes an observable response discrepancy vulnerability in the Helmholz myREX24 and myREX24.virtual servers.

Helmholz Advisory #2 - CERT-VDE published an advisory that discusses twenty vulnerabilities in the Helmholz myREX24 and myREX24.virtual servers.

Hitachi Advisory - Hitachi published an advisory that discusses 39 vulnerabilities in their Disk Array Systems.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes five vulnerabilities in their MicroSCADA Pro/X SYS600 Products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses two vulnerabilities in their MicroSCADA Pro/X SYS600 Products.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses a classic buffer overflow vulnerability in their AFS660/AFS665 series switches.

HP Advisory - HP published an advisory that describes a DLL hijacking vulnerability in their Support Assistant product.

MB Connect Advisory #1 - MB Connect published an advisory that describes a user enumeration vulnerability in their mbCONNECT24/mymbCONNECT24 products.

MB Connect Advisory #2 - MB Connect published an advisory that describes an information disclosure vulnerability in their mbCONNECT24/mymbCONNECT24 products.

Wireshark Advisory - Wireshark published an advisory that describes an infinite loop vulnerability in their F5 Ethernet Trailer dissector.

QNAP Advisory - QNAP published an advisory that describes an externally controlled reference to a resource in another sphere vulnerability in their NAS running Photo Station.

HPE Update #1 - HPE published an update for their HPE Superdome Flex advisory that was originally published on June 7th, 2022 and most recently updated on July 7th, 2022.

HPE Update #2 - HPE published an update for their Integrated Lights-Out advisory that was originally published on July 28th, 2022 and most recently updated on August 17th, 2022.

MB Connect Update #1 - CERT-VDE published an update for their mbCONNECT24 advisory that was originally published on February 16th, 2021.

MB Connect Update #2 - CERT-VDE published an update for their mbCONNECT24 advisory that was originally published on August 2nd, 2022.

Schneider Update #1 - Schneider published an update for their FTP Server advisory that was originally published on March 22nd, 2018 and most recently updated on August 9th, 2022.

Schneider Update #2 - Schneider published an update for their Modicon Controllers advisory that was originally published on September 26th, 2019 and most recently updated on August 9th, 2022.

Schneider Update #3 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on July 13th, 2021 and most recently updated on August 9th, 2022.

Schneider Update #4 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on August 9th, 2022.

Schneider Update #5 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 9th, 2022.

Schneider Update #6 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 9th, 2022.

Schneider Update #7 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 10th, 2021 and most recently updated on August 9th, 2022.

MySCADA Report - AWESEC published a report with proof-of-concept code on a command injection vulnerability in the mySCADA myPRO HMI/SCADA systems.

Berghof Report - OTORIO published a report discussing a recent hack of Berghof PLCs by “a hacktivist group ‘GhostSec’”.

Honeywell Report - SCADAfence published a report describing four vulnerabilities in the Honeywell Alerton Ascent Control Module.

Tesla Report - The Zero Day Initiative published a report about an arbitrary code execution vulnerability in affected Tesla vehicles.

 

For more details about these disclosures, including links to researcher reports and 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-5a0 - subscription required.

Thursday, March 24, 2022

Review – 2 Advisories Published – 3-24-22

Today, CISA’s NCCIC-ICS published two control system security advisories for products from mySCADA and Yokogawa.

mySCADA Advisory - This advisory describes a command injection vulnerability in the mySCADA myPRO HMI /SCADA products.

Yokogawa Advisory - This advisory describes ten vulnerabilities in the Yokogawa CENTUM and Exaopc products.

NOTE: This advisory is based upon an advisory that was originally published by Yokogawa on January 7th, 2022 and subsequently updated on February 9th, 2022.

 

For more details on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-3-24-22 - subscription required.


Tuesday, December 21, 2021

Review - 5 Advisories and 1 Update Published – 12-21-21

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Emerson, WECON, Horner Automation, and mySCADA. They published one medical device security advisory for products from Fresenius Kabi. They also updated a control system security advisory from Schneider.

Emerson Advisory - This advisory describes two vulnerabilities in the Emerson DeltaV distributed control system.

WECON Advisory - This advisory describes two vulnerabilities in the WECON LeviStudioU HMI programming software.

Horner Advisory - This advisory describes an improper input validation vulnerability in the Horner Cscape EnvisionRV remote viewing software.

mySCADA Advisory - This advisory describes eight vulnerabilities in the mySCADA myPRO HMI/SCADA.

Fresenius Advisory - This medical device advisory describes thirteen vulnerabilities in the Fresenius Kabi Agilia Connect Infusion System.

Schneider Update - This update provides additional information on an advisory that was originally published on December 14th, 2021.

For more details about these advisories, including an exploit link, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published - subscription required.

Tuesday, November 9, 2021

Review - 7 Advisories and 1 Update Published – 11-9-21

Today, CISA’s NCCIC-ICS published six control system security advisories for products from OSIsoft (2), mySCADA, Siemens, and Schneider (2). They also published one update for an advisory for products from Advantech and one medical device security advisory for products from Philips.

Siemens published 12 other advisories and 10 updates today. I expect that some of those may be addressed by NCCIC-ICS on Thursday. I will address any remaining advisories and updates this weekend.

Schneider published five other advisories and three updates today. It is unlikely that any will be addressed by NCCIC-ICS on Thursday. I will address any remaining advisories and updates this weekend.

OSIsoft Advisory #1 - This advisory describes a cross-site scripting vulnerability in the OSIsoft PI Web API.

OSIsoft Advisory #2 - This advisory describes two vulnerabilities in the OSIsoft PI Vision data management platform.

mySCADA Advisory - This advisory describes a relative path traversal vulnerability in the mySCADA myDESIGNER.

Siemens Advisory - This advisory describes 13 vulnerabilities in the Siemens Nucleus RTOS TCP/IP Stack.

Schneider Advisory #1 - This advisory describes three vulnerabilities in the Schneider GUIcon software.

Schneider Advisory #2 - This advisory describes six vulnerabilities in the Schneider Network Management Cards (NMC) and NMC Embedded Devices.

Philips Advisory - This advisory describes three vulnerabilities in the Philips MRI 1.5T and 3T.

Advantech Update - This update provides additional information for an advisory that was originally published on June 22nd, 2021.

For more details on the advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published - subscription required.

Thursday, August 5, 2021

Review - 4 Advisories Published – 8-5-21

Advantech Advisory - This advisory describes three vulnerabilities in the Advantech WebAccess/SCADA software package.

mySCADA Advisory - This advisory describes four vulnerabilities in the mySCADA myPRO product.

FATEK Advisory - This advisory describes three vulnerabilities in the FATEK FvDesigner software tool.

HCC Advisory - This advisory describes 14 vulnerabilities in the HCC Embedded InterNiche TCP/IP stack product.

For more details about the above advisories, including links to the INFRA:HALT report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-8-5-21 - subscription required.

Saturday, May 26, 2018

Public ICS Disclosure – Week of 5-19-18


This week we have one vendor disclosure from Philips, six exploits for previously disclosed vulnerabilities and two exploits for previously undisclosed vulnerabilities.

Philips Disclosure


The Philips security web page mentions vulnerabilities in its EncoreAnywhere hosted web application. No real details are available beyond the explanation that a successful exploit could result in “unencrypted communication and improper disclosure of sensitive data”. The page does note that ICS-CERT has been notified, so we may see an advisory from ICS-CERT next week.

t4rkd3vilz Exploits

Researcher t4rkd3vilz has published six new exploits on ExploitDB.com for previously disclosed vulnerabilities. As usual these are mentioned here because ICS-CERT does not update their advisories to reflect new publicly available exploits.


New Exploits


Researcher t4rkd3vilz published an additional exploit on ExploitDB.com that appears to be for a previously undisclosed information disclosure vulnerability in the Honeywell Scada System (sic). He (she?, not making assumptions here) usually includes CVE numbers in his description for previously disclosed vulnerabilities and there is none here.

Emre ÖVÜNÇ published an exploit on ExploitDB.com for a hardcoded username and password in the mySCADA myPRO 7.

Wednesday, September 13, 2017

ICS-CERT Publishes Two Advisories

Yesterday the DHS ICS-CERT published two advisories. One was a medical device security advisory for products from Philips. The other was a control system advisory for products from mySCADA.

Philips Advisory


This advisory describes two vulnerabilities in the Philips IntelliVue MX40 Patient Worn Monitor. The vulnerabilities are self-reported. There are no FDA Safety Communications about these vulnerabilities. Philips has issued an update that mitigates one of the vulnerabilities; another update is due later this year.

The two reported vulnerabilities are:

• Improper cleanup on thrown exception - CVE-2017-9657; and
• Improper handling of exceptional conditions - CVE-2017-9658

ICS-CERT reports that a relatively low skilled attacker with access to an adjacent network could exploit these vulnerabilities to issue 802.11 Wi-Fi management commands that can impact reporting availability of MX40 device local monitoring to a central monitoring station.

mySCADA Advisory


This advisory describes an unquoted search path or element vulnerability in the mySCADA myPRO HMI/SCADA management platform. The vulnerability was reported by Karn Ganeshen, who publicly disclosed the vulnerability on 7-28-17. mySCADA has produced a new version that mitigates the vulnerability. There is no indication that Ganeshen was provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled but authenticated attacker could exploit the vulnerability to execute arbitrary code with elevated privileges.


NOTE: Karn is pretty well known for his coordinated disclosure, so this public disclosure is unusual. There are no explanations on either the ICS-CERT or the iPositiveSecurity web site explaining why the early disclosure was made. It would be interesting to know ‘the rest of the story’.
 