This week we have two vendor disclosures for products from Bosch
and Schneider and an update from Schneider.
Bosch Advisory
Bosch published an advisory
describing three vulnerabilities in their ProSyst mBS SDK and Bosch IoT Gateway
Software. The vulnerabilities are being self-reported. Bosch has new versions
that mitigate the vulnerabilities.
The three reported vulnerabilities are:
• Path traversal - CVE-2019-11601;
• Server-side request forgery - CVE-2019-11897; and
• Information exposure through an error message - CVE-2019-11602
Schneider Advisory
Schneider published an advisory
for the latest Microsoft® Remote Desktop Services (DejaBlue)
vulnerabilities in their products running on machines using various MS
operating systems. Generic mitigations are provided. Schneider does provide the
following warning about applying the MS patches that should mitigate these vulnerabilities:
“Please note that as of the date of
this publication, it is unclear how Microsoft’s patches and updates will affect
systems performance. Therefore, customers should proceed with caution when
applying these patches to critical operating systems and/or
performance-constrained systems. We strongly recommend evaluating the impact of
these patches in a Test and Development environment or on an offline
infrastructure.”
NOTE: This advisory has already been updated twice.
Schneider Update
Schneider published an
update for their advisory on the Wind River VxWorks vulnerabilities in
their products. They changed the affected products list by:
• Removing Modicon M580 Ethernet / Serial RTU Module; and
• Adding Modicon eX80 - BMEAHI0812 HART Analog Input Module