For Part 2 we have 12 additional vendor disclosures from Hitachi Energy (3), JUMO, MB connect (2), METTLER TOLEDO, Moxa, NI, Phoenix Contact, and QNAP (2).
Advisories
Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their ITT600 Explorer product.
Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes a heap-based buffer overflow vulnerability in their MACH HiDraw product.
Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that describes four vulnerabilities in their RTU500 product.
JUMO Advisory - CERT-VDE published an advisory that discusses an improper input validation vulnerability (with publicly available exploit) in multiple JUMO products.
MB connect Advisory #1 - MB connect published an advisory that describes an SQL injection vulnerability in their mbCONNECT24 and mymbCONNECT24 products.
MB connect Advisory #2 - MB connect published an advisory that describes two vulnerabilities in in their mbNET/mbNET.rokey and mbNET.mini products.
METTLER TOLEDO Advisory - CERT-VDE published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their EVA Karl Fischer titrator software.
Moxa Advisory - Moxa published an advisory that discusses the Copy Fail and Dirty Frag vulnerabilities.
NI Advisory - NI published an advisory that describes a missing authentication for critical function vulnerability in their SystemLink Enterprise product.
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes two vulnerabilities in their PLCnext firmware.
QNAP Advisory #1 - QNAP published an advisory that discusses the Dirty Frag vulnerabilities.
QNAP Advisory #2 - QNAP published an advisory that discusses the Copy Fail vulnerability.
For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-f0a - subscription required.
Posts
