This week we have 14 vendor disclosures from ABB, AUMA Riester, Broadcom,
Eclipse, HPE, Philips, Phoenix Contact, Siemens (2), SMA, VMware (2),
Weidmueller, and Wiesemann & Theis.
Advisories
ABB Advisory - ABB published an advisory that describes 32 vulnerabilities (all
with publicly available exploits) in their ASPECT Enterprise, NEXUS Series, and
Matrix series products.
AUMA Advisory - CERT-VDE published an advisory that describes
a classic buffer overflow vulnerability in multiple AUMA Riester products.
Broadcom Advisory - Broadcom published an advisory that discusses two
vulnerabilities in multiple Brocade products.
Eclipse Advisory - Eclipse published an advisory that describes an XML external
entity reference vulnerability in the Eclipse.
HPE Advisory - HPE published an advisory that discusses 13 vulnerabilities (one
with a publicly available exploit) in their NonStop servers.
Philips Advisory - Philips published an advisory that discusses two
vulnerabilities (both listed in CISA’s KEV catalog) in their 860343 - ST80i
product (applicable to software-only products).
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes
an allocation of resources without limit or throttling vulnerability in AXL F BK
and IL BK bus couplers.
Siemens Advisory #1 - Siemens published an
advisory that describes an improper verification of cryptographic signature
vulnerability in their SiPass integrated AC5102 / ACC-G2 and ACC-AP products.
Siemens Advisory #2 - Siemens published an
advisory that describes an out-of-bounds read vulnerability in their SiPass
integrated products.
SMA Advisory - CERT-VDE published an advisory that describes an incorrect
resource transfer between spheres vulnerability in the SMA Classic Portal.
VMware Advisory #1 - Broadcom published an
advisory that describes three vulnerabilities in the VMware Cloud
Foundation product.
VMware Advisory #2 - Broadcom published an advisory that
describes four vulnerabilities in multiple VMware products.
Weidmueller Advisory - CERT-VDE published an advisory that discusses
an uncontrolled resource consumption vulnerability in the Weidmueller ResMa
product.
Wiesemann Advisory - CERT-VDE published an advisory that discusses
a cross-site scripting vulnerability (with known public exploits) in multiple
Wiesemann & Theis products.
For more information on these disclosures, including links to third-party
advisories, researcher reports, and exploits, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-19e
- subscription required.