This week we have two vendor disclosures from Drager and Moxa. We also have two possible 0-day exploits for products from AVEVA.
Drager Advisory
Drager published an advisory describing two vulnerabilities in their SC Monitoring product line. The vulnerabilities were reported by Jeroen Slobbe and Max Grim. The products have reached end-of-life and no mitigation measures are being offered by Drager.
The two reported vulnerabilities are:
• Denial of service; and
• Hard-coded credentials
Moxa Advisory
Moxa published an advisory concerning the URGENT/11 vulnerabilities. They report that none of their products are affected.
AVEVA Exploits
Chuyreds published exploit code for a denial of service vulnerability in the AVEVA InTouch Machine. There is no report of a CVE number or vendor coordination in the document so this may be a 0-day vulnerability.
Chuyreds published exploit code for a denial of service vulnerability in the AVEVA InduSoft Web Studio. There is no report of a CVE number or vendor coordination in the document so this may be a 0-day vulnerability.
NOTE: The exploits look very similar, so this probably reflects a common vulnerability in the two products. I do not see an AVEVA advisory for the two products with a similar vulnerability.