From 6f2913f7c7fe9e2ea6d23a50121c5cca678b86b5 Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:06:10 +0800 Subject: [PATCH 1/9] Please review Advisory 20241122002 --- .../20241122002-New-ICS-Advisories.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs/advisories/20241122002-New-ICS-Advisories.md diff --git a/docs/advisories/20241122002-New-ICS-Advisories.md b/docs/advisories/20241122002-New-ICS-Advisories.md new file mode 100644 index 00000000..6d934ca4 --- /dev/null +++ b/docs/advisories/20241122002-New-ICS-Advisories.md @@ -0,0 +1,20 @@ +# New ICS Advisories - 20241122002 + +## Overview + +CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. + +## What is vulnerable? + +| Vendor | +| ------- | +| Automated Logic | +| CODESYS | +| Schneider Electric | +| mySCADA | + +## Recommendation + +The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. + +- CISA: https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories From e7e559802036309e5e85e32d492a6b08c2dbfd2e Mon Sep 17 00:00:00 2001 From: thiagoai1 Date: Fri, 22 Nov 2024 04:06:57 +0000 Subject: [PATCH 2/9] Format markdown docs --- docs/advisories/20241122002-New-ICS-Advisories.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/advisories/20241122002-New-ICS-Advisories.md b/docs/advisories/20241122002-New-ICS-Advisories.md index 6d934ca4..f870057d 100644 --- a/docs/advisories/20241122002-New-ICS-Advisories.md +++ b/docs/advisories/20241122002-New-ICS-Advisories.md 
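Review bot: the vendor table in the 20241122002 hunk gives the reader no way to find the advisory that applies to them: the only reference is the CISA daily roll-up (the URL itself says "seven-industrial-control-systems-advisories") while the table lists four vendors, so the mapping from the seven CISA entries to, for example, Schneider Electric is left to the reader. Add an advisory ID/link column (for example `| Vendor | Advisory |`) or at least name the affected products per row, and tighten "Industrial Control Systems (ICS) related vendors" to "Industrial Control Systems (ICS) vendors" in the Overview.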
@@ -6,12 +6,12 @@ CISA has released multiple advisories for Industrial Control Systems (ICS) relat ## What is vulnerable? -| Vendor | -| ------- | -| Automated Logic | -| CODESYS | +| Vendor | +| ------------------ | +| Automated Logic | +| CODESYS | | Schneider Electric | -| mySCADA | +| mySCADA | ## Recommendation From dbdacefbeb915c381b4572b446e5131c6b080ada Mon Sep 17 00:00:00 2001 From: JadonWill <117053393+JadonWill@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:14:27 +0800 Subject: [PATCH 3/9] Update 20241122002 Hyperlink formatting --- docs/advisories/20241122002-New-ICS-Advisories.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20241122002-New-ICS-Advisories.md b/docs/advisories/20241122002-New-ICS-Advisories.md index f870057d..88b952e5 100644 --- a/docs/advisories/20241122002-New-ICS-Advisories.md +++ b/docs/advisories/20241122002-New-ICS-Advisories.md @@ -17,4 +17,4 @@ CISA has released multiple advisories for Industrial Control Systems (ICS) relat The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. -- CISA: https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories +- CISA: From 8861121045192e40fac5be2db6494f42d32b0d78 Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 8 Jan 2025 13:38:59 +0800 Subject: [PATCH 4/9] Advisory 20250108001 --- ...1-Oracle-WebLogic-Mitel-Vulnerabilities.md | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md diff --git a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md new file mode 100644 index 00000000..0160b69b --- /dev/null +++ b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md 
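Review bot: in the [PATCH 3/9] hunk the replacement line `+- CISA:` carries no visible URL, whereas the removed line held the full link; if the intent was to wrap the address in `<...>` autolink brackets, confirm the target survived the change, because as shown the advisory would end with a bare "CISA:" label and no actionable reference. Since this is the only pointer to the source advisories, it is worth a rendered-page check before merge.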
@@ -0,0 +1,34 @@ +# Known Exploited Oracle WebLogic and Mitel Vulnerabilities - 20250108001 + +## Overview + +The WA SOC has been made aware of exploits released for a high vulnerabilities in Oracle WebLogic and Mitel products. + +The Oracle vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. + +The Mitel MiCollab vulnerability could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. +A successful exploit of this vulnerability could allow an attacker to gain unauthorised access, with potential impacts to the confidentiality, integrity, and availability of the system. + + +## What is vulnerable? + +| Product(s) Affected | Version(s) | CVE | CVSS | Severity | +| ------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------- | +| Oracle WebLogic Server | Version 10.3.6.0.0
Version <=12.2.1.4.0 | [CVE-2020-2883](https://www.cve.org/CVERecord?id=CVE-2020-2883) | 9.8 | **Critical** | +| Mitel MiCollab | Version 9.8 SP1 FP2 (9.8.1.201) and earlier | [CVE-2024-41713](https://www.cve.org/CVERecord?id=CVE-2024-41713)
[CVE-2024-55550](https://www.cve.org/CVERecord?id=CVE-2024-55550) | 9.8
2.7 | **Critical**
Low | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): + +- Oracle: +- Mitel: + + +## Additional References + +- Zero Day Initiative: Date: Wed, 8 Jan 2025 05:39:38 +0000 Subject: [PATCH 5/9] Format markdown docs --- ...8001-Oracle-WebLogic-Mitel-Vulnerabilities.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md index 0160b69b..f9e07221 100644 --- a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md +++ b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md 
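Review bot: the Overview of the 20250108001 hunk says "exploits released for a high vulnerabilities", which is ungrammatical and contradicts the table below, where the WebLogic and MiCollab issues are rated 9.8 **Critical**; suggest "exploits released for critical vulnerabilities in Oracle WebLogic and Mitel MiCollab". The Overview also refers to "The Mitel MiCollab vulnerability" in the singular, but the table row lists two CVEs, CVE-2024-41713 (9.8, Critical) and CVE-2024-55550 (2.7, Low); say which description belongs to which CVE and why a CVSS 2.7 issue appears in a known-exploitation advisory (for instance, whether it is only relevant in combination with CVE-2024-41713), otherwise the Low entry reads as noise. Two smaller points in the same hunk: `Version <=12.2.1.4.0` has an unescaped `<` inside a table cell, which some Markdown renderers treat as the start of an HTML tag (write `\<=`), and the `- Oracle:`, `- Mitel:` and `- Zero Day Initiative:` bullets show no visible targets here, so confirm the vendor and ZDI links are present in the rendered page.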
@@ -2,20 +2,19 @@ ## Overview -The WA SOC has been made aware of exploits released for a high vulnerabilities in Oracle WebLogic and Mitel products. +The WA SOC has been made aware of exploits released for a high vulnerabilities in Oracle WebLogic and Mitel products. The Oracle vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. -The Mitel MiCollab vulnerability could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. +The Mitel MiCollab vulnerability could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit of this vulnerability could allow an attacker to gain unauthorised access, with potential impacts to the confidentiality, integrity, and availability of the system. - ## What is vulnerable? -| Product(s) Affected | Version(s) | CVE | CVSS | Severity | -| ------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------- | -| Oracle WebLogic Server | Version 10.3.6.0.0
Version <=12.2.1.4.0 | [CVE-2020-2883](https://www.cve.org/CVERecord?id=CVE-2020-2883) | 9.8 | **Critical** | -| Mitel MiCollab | Version 9.8 SP1 FP2 (9.8.1.201) and earlier | [CVE-2024-41713](https://www.cve.org/CVERecord?id=CVE-2024-41713)
[CVE-2024-55550](https://www.cve.org/CVERecord?id=CVE-2024-55550) | 9.8
2.7 | **Critical**
Low | +| Product(s) Affected | Version(s) | CVE | CVSS | Severity | +| ---------------------- | --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------- | +| Oracle WebLogic Server | Version 10.3.6.0.0
Version \<=12.2.1.4.0 | [CVE-2020-2883](https://www.cve.org/CVERecord?id=CVE-2020-2883) | 9.8 | **Critical** | +| Mitel MiCollab | Version 9.8 SP1 FP2 (9.8.1.201) and earlier | [CVE-2024-41713](https://www.cve.org/CVERecord?id=CVE-2024-41713)
[CVE-2024-55550](https://www.cve.org/CVERecord?id=CVE-2024-55550) | 9.8
2.7 | **Critical**
Low | ## What has been observed? @@ -28,7 +27,6 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi - Oracle: - Mitel: - ## Additional References -- Zero Day Initiative: Date: Wed, 8 Jan 2025 14:14:46 +0800 Subject: [PATCH 6/9] Update 20250108001 --- .../20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md index f9e07221..89aef58a 100644 --- a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md +++ b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md @@ -29,4 +29,4 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi ## Additional References -- Zero Day Initiative: \ From e5148033a1b5aecb9526aa089c9d2f59685d9cda Mon Sep 17 00:00:00 2001 From: JadonWill <117053393+JadonWill@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:15:48 +0800 Subject: [PATCH 7/9] Rename 20250108001 --- ...1-Oracle-WebLogic-Mitel-Vulnerabilities-Known-Exploitation.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/advisories/{20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md => 20250108001-Oracle-WebLogic-Mitel-Vulnerabilities-Known-Exploitation.md} (100%) diff --git a/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md b/docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities-Known-Exploitation.md similarity index 100% rename from docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md rename to docs/advisories/20250108001-Oracle-WebLogic-Mitel-Vulnerabilities-Known-Exploitation.md From 1db3fc6c1c9d82894f5b0eba1192d1151c620d1f Mon Sep 17 00:00:00 2001 
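Review bot: the [PATCH 6/9] hunk removes `- Zero Day Initiative:` (with the `\` marker, i.e. the file had no trailing newline) but no corresponding `+` line is visible here despite the summary reporting one insertion; confirm the replacement reference actually landed, and end the file with a newline so the formatter does not touch the same line again on the next pass. The commit message "Update 20250108001" should also say what was updated, since the file has already gone through three revisions.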
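Review bot: the [PATCH 7/9] rename to `20250108001-Oracle-WebLogic-Mitel-Vulnerabilities-Known-Exploitation.md` changes the advisory's path after the file was created in [PATCH 4/9] and edited twice since; the commit touches no other file, so any index page or cross-reference that already points at `20250108001-Oracle-WebLogic-Mitel-Vulnerabilities.md` will break. Either keep the original filename, add a redirect, or grep the docs tree for the old name in the same change. The new suffix does match the document title ("Known Exploited ... Vulnerabilities"), so the rename itself is reasonable.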
From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:51:06 +0800 Subject: [PATCH 8/9] Advisory 20250122003 --- .../20250122003-CISA-ICS-Advisories.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 docs/advisories/20250122003-CISA-ICS-Advisories.md diff --git a/docs/advisories/20250122003-CISA-ICS-Advisories.md b/docs/advisories/20250122003-CISA-ICS-Advisories.md new file mode 100644 index 00000000..23bc3f5c --- /dev/null +++ b/docs/advisories/20250122003-CISA-ICS-Advisories.md @@ -0,0 +1,19 @@ +# CISA Releases New ICS Advisories - 20250122003 + +## Overview + +CISA has released three advisories for Industrial Control Systems (ICS) related vendors. + +## What is vulnerable? + +| Vendor | +| --------------------- | +| TCAS | +| Siemens | +| ZF | + +## Recommendation + +The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. + +- CISA: From 79028271817ea4e7171971bc9f5b2ff68f189c93 Mon Sep 17 00:00:00 2001 From: thiagoai1 Date: Wed, 22 Jan 2025 02:51:45 +0000 Subject: [PATCH 9/9] Format markdown docs --- docs/advisories/20250122003-CISA-ICS-Advisories.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/advisories/20250122003-CISA-ICS-Advisories.md b/docs/advisories/20250122003-CISA-ICS-Advisories.md index 23bc3f5c..a84655f0 100644 --- a/docs/advisories/20250122003-CISA-ICS-Advisories.md +++ b/docs/advisories/20250122003-CISA-ICS-Advisories.md @@ -6,11 +6,11 @@ CISA has released three advisories for Industrial Control Systems (ICS) related ## What is vulnerable? -| Vendor | -| --------------------- | -| TCAS | -| Siemens | -| ZF | +| Vendor | +| ------- | +| TCAS | +| Siemens | +| ZF | ## Recommendation
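Review bot: `TCAS` in the 20250122003 vendor table reads as a system acronym rather than a vendor name, so either name the vendor behind that CISA advisory or retitle the column to "Vendor / System"; as in 20241122002, the table also gives no advisory IDs or products, so a Siemens or ZF administrator still has to open the CISA roll-up to learn whether they are affected. Two consistency points against the earlier advisory: the title style differs ("New ICS Advisories - 20241122002" versus "CISA Releases New ICS Advisories - 20250122003"), so pick one form, and the `- CISA:` reference again shows no visible URL here, so confirm the link is present in the rendered page. The [PATCH 9/9] formatting pass only realigns the table and needs no change.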