This week we have three vendor disclosures on the regreSSHion vulnerability from Bosch, Broadcom, and HMS. We have 14 additional vendor disclosures from ABB, Dell, Fujitsu, Hitachi, HP (4), HPE (3), Rockwell (2), and Wireshark. There are also five vendor updates from BD and HPE (4). Finally, we have four researcher reports about vulnerabilities in products from Asus, Synology, and Unitronics (2).
RegreSSHion Advisories
Bosch published an advisory that lists affected products and fixed versions.
Broadcom published an advisory that lists the products that are not affected.
HMS published an advisory that lists the affected products and announces that fixes have been applied.
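The three regreSSHion advisories above all hinge on one question: which OpenSSH build is actually running on the device. The script below is an added example (not code from any of the vendors or from the advisories) that triages SSH identification banners against the upstream affected ranges Qualys published for CVE-2024-6387: releases before 4.4p1 (unless already patched for CVE-2006-5051) and 8.5p1 through 9.7p1 inclusive, fixed in 9.8p1. The host names and banner strings are constructed for the demonstration.

```python
import re

# Matches the OpenSSH version in an SSH identification banner such as
# "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4"; the "pN" portable suffix is optional
# (the 9.8 release banner is simply "OpenSSH_9.8").
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str):
    """Return (major, minor) parsed from a banner, or None if it is not OpenSSH."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def classify_banner(banner: str) -> str:
    """Classify a banner against the upstream regreSSHion (CVE-2024-6387) ranges.

    Returns "affected-range" for upstream versions < 4.4 or 8.5..9.7,
    "not-affected" for 4.4..8.4 and >= 9.8, and "unknown" for non-OpenSSH
    or hidden banners (e.g. Dropbear, or a banner with the version stripped).
    """
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    if v < (4, 4) or (8, 5) <= v <= (9, 7):
        return "affected-range"
    return "not-affected"


# Constructed sample banners for the demonstration; not captured from any real device.
SAMPLE_BANNERS = {
    "plc-gw-01":  "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4",
    "jump-host":  "SSH-2.0-OpenSSH_9.8",
    "legacy-hmi": "SSH-2.0-OpenSSH_7.4",
    "old-router": "SSH-2.0-OpenSSH_3.9p1",
    "vendor-box": "SSH-2.0-dropbear_2020.81",
}


def triage(banners):
    """Map host name -> classification for a dict of captured banners."""
    return {host: classify_banner(b) for host, b in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host:12} {verdict}")
```

The caveat a practitioner needs: a banner cannot tell a backported fix apart from an unpatched build, so the constructed Ubuntu 9.6p1 banner is flagged "affected-range" even though a distribution may have shipped the fix under that same upstream version. Treat "affected-range" as a list of hosts to check against the vendor's fixed-version list (which is exactly what the Bosch and HMS advisories provide), not as confirmation of exposure, and treat "unknown" as a host that needs a different check entirely.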
ABB Advisory
ABB published an advisory that describes an unquoted search path or element vulnerability in their Mint Workbench product. The vulnerability was reported by Yoav Yehudai of Novartis. The latest version of the product mitigates the vulnerability. There is no indication that Yehudai has been provided an opportunity to verify the efficacy of the fix.
Dell Advisory
Dell published an advisory that lists a large number (nope, I am not counting them all) of third-party vulnerabilities in their ThinOS product. Dell has new versions that mitigate the vulnerabilities.
Fujitsu Advisory
JP-CERT published an advisory that describes a path traversal vulnerability in the Fujitsu Network Edgiot GW1500 product. The vulnerability was reported by Eddy HUYNH & Jonathan PAUC from LCIE - BUREAU VERITAS CPS. Fujitsu has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
Hitachi Advisory
Hitachi published an advisory that discusses 42 vulnerabilities in their Disk Array Systems products. These are third-party (Microsoft) vulnerabilities. Hitachi has new versions that mitigate the vulnerabilities.
HP Advisories
HP published an advisory that describes a buffer overflow vulnerability in multiple desktop computers. The vulnerability was reported by Ac1d. HP has SoftPaqs that mitigate the vulnerability. There is no indication that the researcher has been provided an opportunity to verify the efficacy of the fix.
HP published an advisory that describes two privilege escalation vulnerabilities in their display control software. The vulnerabilities were reported by Lockheed Martin Red Team. HP has SoftPaqs that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
NOTE: The HP Security Bulletins page lists two additional advisories (here and here), but neither page currently opens.
HPE Advisories
HPE published an advisory that describes a remote bypass of a security restriction vulnerability in their 3PAR Service Processor Software. HPE has a new version that mitigates the vulnerability.
HPE published an advisory that discusses 17 vulnerabilities (one with known exploits) in their Unified OSS Console Assurance Monitoring (UOCAM) product. These are third-party vulnerabilities. HPE has a new version that mitigates the vulnerabilities.
The following vulnerability has publicly available exploits:
Out-of-bounds write - CVE-2022-48622 (contains Proof-of-Concept code)
HPE published an advisory that discusses two vulnerabilities in their ProLiant DL/ML/XL, Synergy, Edgeline and Alletra Servers. These are third-party (OpenSSL) vulnerabilities. HPE has new BIOS versions that mitigate the vulnerabilities.
The two reported vulnerabilities are:
NULL pointer dereference - CVE-2024-0727, and
Improper check for exceptional or unusual conditions - CVE-2023-5678
Rockwell Advisories
Rockwell published an advisory that describes an improper input validation vulnerability in their SequenceManager Server. Rockwell has a new version that mitigates the vulnerability.
Rockwell published an advisory that describes an improper input validation vulnerability in their 5015 – AENFTXT product. Rockwell has a new version that mitigates the vulnerability.
NOTE: These are the two advisories that I mentioned on Tuesday.
Wireshark Advisory
Wireshark published an advisory that describes a packet injection vulnerability in the SPRT dissector of their Wireshark product. Wireshark has a new version that mitigates the vulnerability.
BD Update
BD published an update for their Third-Party ESET advisory that was originally published on March 29th, 2024. The new information includes announcing that an ESET update that mitigates the vulnerability has been automatically furnished to registered owners.
HPE Updates
HPE published an update for their Intel Thunderbolt Driver advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024. The new information includes updating SoftPaq information for some Desktop Workstations.
HPE published an update for their Intel PROSet/Wireless WiFi and Bluetooth advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024. The new information includes adding product list and update information for Desktop Workstation PCs.
HPE published an update for their Intel Chipset Device Software advisory that was originally published on June 28th, 2024. The new information includes updating version and SoftPaq information for some Business Notebooks, Business Desktops, and Point-of-Sales Systems.
HPE published an update for their Intel 2024.1 IPU - Chipset Software advisory that was originally published on March 13th, 2024 and most recently updated on April 10th, 2024. The new information includes:
Updating SoftPaq information for Business Notebooks, and
Changing Consumer Notebooks and Consumer Desktops status to not impacted.
Asus Report
BugProve published a report describing a stack-based buffer overflow vulnerability in the Asus RT-AC87U router. The report includes proof-of-concept code. This was a coordinated disclosure. Asus has a new version that BugProve confirmed fixed the vulnerability.
Synology Report
Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC 500 IP camera. The report includes proof-of-concept code. This was a coordinated disclosure and Synology previously disclosed the vulnerability.
Unitronics Reports
Claroty published two reports about individual vulnerabilities in the Unitronics Vision PLC. This was a coordinated disclosure and Unitronics has a new version that mitigates the vulnerabilities.
The two reported vulnerabilities are:
Use of potentially dangerous function - CVE-2024-38434, and
Improper check or handling of exceptional conditions - CVE-2024-38435