Multiple critical vulnerabilities have been disclosed this week affecting various industrial control systems (ICS) products. Hitachi has issued an advisory regarding 29 vulnerabilities discovered in their Disk Array Systems. Palo Alto Networks is addressing an improper check vulnerability in multiple of their products which could cause a denial of service. Philips has also announced a critical vulnerability concerning an Apache Struts unrestricted file upload issue which could potentially lead to remote code execution.
Additionally, independent security researchers have uncovered several flaws in products by ABB and HMS. Zero Science reported multiple vulnerabilities with publicly available exploits in the ABB Cylon Aspect building energy management product. CyberDanube disclosed a code injection vulnerability, again with a publicly available exploit, in the HMS Ewon Flexy 205. These disclosures highlight the ongoing security challenges in the ICS sector, with vulnerabilities being found across different vendors and product lines.