Review – Public ICS Disclosures – Week of 12-10-21 – Part 1

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

This week I am going to have to do a three-part report instead of the standard two-part for the weekend following 2nd Tuesday. Part 3 will deal with just Log4Shell advisories. So, for Part 1, we have 17 vendor advisories from Braun (2), Draeger, FANUC, Hitachi Energy (4), HPE, Mitsubishi Electric, Moxa, Rockwell Automation, QNAP (3), Sick, and VMware (2).

Braun Advisory #1 – Braun (USA) published an advisory discussing the NUCLEUS:13 vulnerabilities.

Braun Advisory #2 – Braun (USA) published an advisory discussing the INFRA:HALT vulnerabilities.

Draeger Advisory – Draeger published an advisory describing a privilege escalation vulnerability in their Service Connect Gateway.

FANUC Advisory – FANUC published an advisory describing two vulnerabilities in their Robot Controllers.

Hitachi Energy Advisory #1 – Hitachi Energy published an advisory discussing the BadAlloc vulnerabilities in their PWC600 controller.

Hitachi Energy Advisory #2 – Hitachi Energy published an advisory discussing the BadAlloc vulnerabilities in their GMS600 monitoring device.

Hitachi Energy Advisory #3 – Hitachi Energy published an advisory discussing the BadAlloc vulnerabilities in their Relion REB500 intelligent electronic devices (IEDs).

Hitachi Energy Advisory #4 – Hitachi Energy published an advisory discussing the BadAlloc vulnerabilities in their Relion 670, 650 series and SAM600-IO IEDs.

HPE Advisory – HPE published an advisory describing a buffer overflow vulnerability in their HPE Gen10 and Gen10 Plus Servers.

Mitsubishi Advisory – Mitsubishi published an advisory discussing three of the INFRA:HALT vulnerabilities in their MELSEC Series Remote I/O.

Moxa Advisory – Moxa published an advisory describing a command injection vulnerability in their NPort W2150A/W2250A Series Serial Device Servers.

Rockwell Advisory – Rockwell published an advisory discussing two vulnerabilities in their 1783 network address translation router (NATR).

QNAP Advisory #1 – QNAP published an advisory describing a stack-based buffer overflow vulnerability in their Surveillance Station.

QNAP Advisory #2 – QNAP published an advisory describing a reflected XSS vulnerability in their Kazoo Server.

QNAP Advisory #3 – QNAP published an advisory describing an improper authentication vulnerability in their Qfile for Android application.

Sick Advisory – Sick published an advisory describing three vulnerabilities in their SOPAS ET software.

VMware Advisory #1 – VMware published an advisory describing a

Read more