Merge branch 'main' into main

docs/advisories/20240517001-D-Link-Known-Exploited.md

@@ -0,0 +1,26 @@
+# D-Link Known Exploited Vulnerabilities - 20240517001
+
+## Overview
+
+Recently added to CISA's Known Exploited Vulnerabilities Catalog, there are two D-Link router vulnerabilities that allow access to sensitive information or configurations. Though these are several years old, they have been observed by other organisations to have been exploited recently.
+
+## What is the vulnerability?
+
+| CVE                                                                     | Severity   | CVSS | Product(s) Affected                                         | Summary                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Dated                | CISA Published |
+| ----------------------------------------------------------------------- | ---------- | ---- | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | -------------- |
+| [**CVE-2021-40655**](https://nvd.nist.gov/vuln/detail/CVE-2021-40655)   | **High**   | 7.5  | D-LINK-DIR-605 B2 versions before Firmware Version : 2.01MT | An attacker can obtain a user name and password by forging a post request to the /getcfg.php page                                                                                                                                                                                                                                                                                                                                                                                             | 24th Septermber 2021 | 16th May 2024  |
+| [**CVE-2014-100005**](https://nvd.nist.gov/vuln/detail/CVE-2014-100005) | **Medium** | 6.8  | D-Link DIR-600 firmware before 2.16WW and lower             | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. | 1st January 2015     | 16th May 2024  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing, however it is known to have been exploited in other organisations worldwide.
+
+## Recommendation
+
+The WA SOC recommends to apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
+
+## Additional Reference
+
+- [**DLink DIR-605**](https://legacy.us.dlink.com/pages/product.aspx?id=2b09e95d90ff4cb38830ecc04c89cee5)
+- [**DLink DIR-600**](https://legacy.us.dlink.com/pages/product.aspx?id=4587b63118524aec911191cc81605283)
+- [**CISA Known Exploited Catalog**](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

docs/advisories/20240517003-CISA-Releases-Seventeen-Industrial-Control-Systems-Advisories.md

@@ -0,0 +1,37 @@
+# CISA Releases Seventeen Industrial Control Systems Advisories - 20240517003
+
+## Overview
+
+CISA released seventeen Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
+
+## What is vulnerable?
+
+| Product(s) Affected                                                               | Vendor Advisory                                                                                                                                                    | Dated        |
+| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ |
+| Siemens Parasolid                                                                 | [ICSA-24-137-01 Siemens Parasolid](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-01)                                                                 | 16 May, 2024 |
+| Siemens SICAM Products                                                            | [ICSA-24-137-02 Siemens SICAM Products](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-02)                                                            | 16 May, 2024 |
+| Siemens Teamcenter Visualization and JT2Go                                        | [ICSA-24-137-03 Siemens Teamcenter Visualization and JT2Go](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-03)                                        | 16 May, 2024 |
+| Siemens Polarion ALM                                                              | [ICSA-24-137-04 Siemens Polarion ALM](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-04)                                                              | 16 May, 2024 |
+| Siemens Simcenter Nastran                                                         | [ICSA-24-137-05 Siemens Simcenter Nastran](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-05)                                                         | 16 May, 2024 |
+| Siemens SIMATIC CN 4100 Before V3.0                                               | [ICSA-24-137-06 Siemens SIMATIC CN 4100 Before V3.0](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-06)                                               | 16 May, 2024 |
+| Siemens SIMATIC RTLS Locating Manager                                             | [ICSA-24-137-07 Siemens SIMATIC RTLS Locating Manager](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-07)                                             | 16 May, 2024 |
+| Siemens PS/IGES Parasolid Translator Component                                    | [ICSA-24-137-08 Siemens PS/IGES Parasolid Translator Component](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-08)                                    | 16 May, 2024 |
+| Siemens Solid Edge                                                                | [ICSA-24-137-09 Siemens Solid Edge](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-09)                                                                | 16 May, 2024 |
+| Siemens RUGGEDCOM CROSSBOW                                                        | [ICSA-24-137-10 Siemens RUGGEDCOM CROSSBOW](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-10)                                                        | 16 May, 2024 |
+| Siemens RUGGEDCOM APE1808                                                         | [ICSA-24-137-11 Siemens RUGGEDCOM APE1808](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-11)                                                         | 16 May, 2024 |
+| Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems         | [ICSA-24-137-12 Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-12)         | 16 May, 2024 |
+| Siemens Industrial Products                                                       | [ICSA-24-137-13 Siemens Industrial Products](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-13)                                                       | 16 May, 2024 |
+| Rockwell Automation FactoryTalk View SE                                           | [ICSA-24-137-14 Rockwell Automation FactoryTalk View SE](https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-14)                                           | 16 May, 2024 |
+| Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A) | [ICSA-23-044-01 Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)](https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01) | 16 May, 2024 |
+| Mitsubishi Electric MELSEC-Q/L Series (Update A)                                  | [ICSA-24-074-14 Mitsubishi Electric MELSEC-Q/L Series (Update A)](https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14)                                  | 16 May, 2024 |
+| GE Healthcare Ultrasound Products (Update A)                                      | [ICSMA-20-049-02 GE Healthcare Ultrasound Products (Update A)](https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-049-02)                            | 16 May, 2024 |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [CISA Releases Seventeen Industrial Control Systems Advisories](https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-releases-seventeen-industrial-control-systems-advisories)

docs/advisories/20240517005-Git-Patches-Critical-RCE-Vulnerabilities.md

@@ -0,0 +1,26 @@
+# Git Patches Critical RCE Vulnerabilities - 20240517005
+
+## Overview
+
+The Git project has recently addressed a series of critical security vulnerabilities that could expose users to remote code execution and unauthorized data manipulation.
+
+## What is vulnerable?
+
+| CVE                                                               | Severity     | CVSS | Product(s) Affected                                                            |
+| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------------------------------------------------ |
+| [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | **Critical** | 9.0  | **versions before** 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 |
+| [CVE-2024-32004](https://nvd.nist.gov/vuln/detail/CVE-2024-32004) | **High**     | 8.1  | **versions before** 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [**Git Security**](https://github.com/git/git/security)
+
+## Additional References
+
+- [Git Patches Critical RCE Vulnerabilities](https://securityonline.info/git-patches-critical-rce-vulnerabilities-cve-2024-32002-cve-2024-32004/)