Review – Public ICS Disclosures – Week of 5-21-22 – Part 1

This has been a fairly busy disclosure week, which will require two parts to list completely. For Part 1 we have seventeen vendor disclosures from ABB, CONTEC, Fuji Electric (2), HPE (2), Meinberg, Open Automation, QNAP (2), VMware (2), Western Digital, Xylem (3), and Yokogawa.

ABB Advisory – ABB published an advisory that describes two vulnerabilities in their e-Design product.

CONTEC Advisory – JP CERT published an advisory that describes an OS command injection vulnerability (with a publicly available exploit) in the CONTEC SolarView Compact.

Fuji Advisory #1 – JP CERT published an advisory that describes five vulnerabilities in the Fuji V-SFT product.

Fuji Advisory #2 – JP CERT published an advisory that describes three vulnerabilities in the Fuji V-SFT, V-Server and V-Server Lite products.

HPE Advisory #1 – HPE published an advisory that describes an escalation of privilege vulnerability in their Version Control Repository Manager Installer.

HPE Advisory #2 – HPE published an advisory that discusses the Psychic Signatures vulnerability in their IceWall Products.

NOTE: This is going to be an interesting third-party vulnerability. The researcher report is well worth reading.

Meinberg Advisory – Meinberg published an advisory that discusses two vulnerabilities (one with a publicly available exploit) in their LANTIME Firmware.

Open Automation Advisory – Incibe CERT published an advisory that describes eight vulnerabilities in the Open Automation Software OAS Platform.

QNAP Advisory #1 – QNAP published an advisory that describes a cross-site request forgery vulnerability in their NAS running Proxy Server.

QNAP Advisory #2 – QNAP published an
