This week we have two new vendor notifications for products
from Schneider Electric and PTC. We also have a vendor update from BD.
Schneider Advisory
This advisory describes an insufficient verification of data authenticity vulnerability in the Schneider Modicon M221. The vulnerability was reported by Eran Goldstein of CRITIFENCE. Schneider describes workarounds to mitigate the vulnerability. There is no indication that Goldstein has been provided an opportunity to verify the efficacy of the fix.
PTC Advisory
This advisory describes three vulnerabilities in the PTC ThingWorx Platform. The vulnerabilities were reported by Matteo Tomaselli from the SEC Consult Vulnerability Lab. PTC has new versions that mitigate the vulnerabilities. There is no indication that Tomaselli has been provided an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Disclosure of User Password Hashes to Privileged Users - CVE-2018-17216;
• Disclosure of Encrypted Credentials and Use of Hard-Coded Passwords - CVE-2018-17217; and
• Reflected Cross-Site Scripting - CVE-2018-17218.
BD Update
This update provides additional information on an advisory that was originally published on May 22, 2018. The update provides previously promised mitigation measures.