Saturday, December 28, 2019

Public ICS Disclosures – Week of 12-21-19

This holiday week we had two vendor disclosures from HMS and Thales Group.

HMS Advisory

HMS published an advisory describing a cross-site scripting vulnerability in their Flexy and Cosy industrial routers. The vulnerability was reported by Ander Martínez from Titanium Industrial Security. HMS has a new firmware version that mitigates the vulnerability. There is no indication that Martinez has been provided an opportunity to verify the efficacy of the fix.

Thales Advisory

Gemalto published an advisory describing a vulnerability in their Sentinel LDK License Manager. Details about the vulnerability are restricted to registered customers only.

Happy Holidays

No comments:

/* Use this with templates/template-twocol.html */