Saturday, September 28, 2019

Public ICS Disclosures – Week of 09-21-19


This week we have four vendor disclosures for products from ABB, Schneider, Sick, and Yokogawa, and one vendor update for products from Schneider.

ABB Advisory


ABB published an advisory reporting that two of the Wind River URGENT/11 vulnerabilities affected their AC 800M controllers. ABB provides generic workarounds while it is working on new versions to mitigate the vulnerabilities.

Schneider Advisory


Schneider published an advisory describing the Microsoft Windows® DejaBlue vulnerabilities in a list of Schneider products. Schneider recommends applying the appropriate Windows updates for some products and provides generic workarounds for others.

Schneider Update


Schneider published an update for their advisory on the effect of the BlueKeep {Microsoft® RDP vulnerability (CVE-2019-0708)} on a list of their products. They added “Conext Control” to the list of affected products.

Sick Advisory


Sick published an advisory describing a buffer overflow vulnerability in the Sick FX0-GENT00000 and FX0-GPNT00000 safety controllers. The vulnerability was reported by the security-testlab team of Fraunhofer IOSB. Sick has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Yokogawa Advisory


Yokogawa published an advisory describing an unquoted service path vulnerability in a list of their products. This vulnerability is self-reported. Yokogawa has new versions and patches to mitigate the vulnerability.
