CISA ICS Advisory: Vulnerabilities in WebCTRL, Vitogate, MOVEit, OpenSSL

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID and Date**: - Vulnerability ID: CARR-PSA-2024-04 - Release Date: November 21, 2024 2. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 3. **Vulnerability Description**: - Vulnerability Type: Unrestricted File Upload and Open Redirect vulnerabilities 4. **CVE ID**: - CVE-2024-8525 - CVE-2024-8526 5. **ICSAC ID**: - ICSA-24-326-01 6. **Affected Product**: - Product: Viessmann Vitogate 300 7. **Vulnerability Description**: - Vulnerability Type: Viessmann Vitogate 300 vulnerabilities 8. **CVE ID**: - CVE-2023-5222 - CVE-2023-5702 - CVE-2023-45852 9. **Affected Product**: - Product: Progress Software MOVEit vulnerabilities 10. **Vulnerability Description**: - Vulnerability Type: Apache Shiro authentication bypass vulnerabilities 11. **CVE ID**: - Not Applicable 12. **Affected Product**: - Product: OpenSSL 3.0 vulnerabilities 13. **Vulnerability Description**: - Vulnerability Type: Text4Shell Remote code execution vulnerability 14. **CVE ID**: - Not Applicable 15. **Affected Product**: - Product: Spring4Shell Remote code execution vulnerability 16. **Vulnerability Description**: - Vulnerability Type: Okta - Lapsus$ Compromise summary 17. **CVE ID**: - Not Applicable 18. **Affected Product**: - Product: Log4j Remote code execution vulnerabilities 19. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 20. **CVE ID**: - Not Applicable 21. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 22. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 23. **CVE ID**: - Not Applicable 24. **Affected Product**: - Product: Hills ComNav 25. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 26. **CVE ID**: - Not Applicable 27. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 28. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 29. **CVE ID**: - Not Applicable 30. **Affected Product**: - Product: Hills ComNav 31. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 32. **CVE ID**: - Not Applicable 33. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 34. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 35. **CVE ID**: - Not Applicable 36. **Affected Product**: - Product: Hills ComNav 37. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 38. **CVE ID**: - Not Applicable 39. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 40. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 41. **CVE ID**: - Not Applicable 42. **Affected Product**: - Product: Hills ComNav 43. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 44. **CVE ID**: - Not Applicable 45. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 46. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 47. **CVE ID**: - Not Applicable 48. **Affected Product**: - Product: Hills ComNav 49. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 50. **CVE ID**: - Not Applicable 51. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 52. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 53. **CVE ID**: - Not Applicable 54. **Affected Product**: - Product: Hills ComNav 55. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 56. **CVE ID**: - Not Applicable 57. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 58. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 59. **CVE ID**: - Not Applicable 60. **Affected Product**: - Product: Hills ComNav 61. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 62. **CVE ID**: - Not Applicable 63. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 64. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 65. **CVE ID**: - Not Applicable 66. **Affected Product**: - Product: Hills ComNav 67. **Vulnerability Description**: - Vulnerability Type: Weak authentication and communication channel vulnerabilities 68. **CVE ID**: - Not Applicable 69. **Affected Product**: - Product: Automated Logic WebCTRL & Carrier i-Vu 70. **Vulnerability Description**: - Vulnerability Type: Open redirect vulnerability 71. **CVE ID**: - Not Applicable 72. **Affected Product**: - Product: Hills ComNav 73. **Vulnerability Description**: - Vul

Goal Reached Thanks to every supporter — we hit 100%!

CISA ICS Advisory: Vulnerabilities in WebCTRL, Vitogate, MOVEit, OpenSSL