Saturday, January 11, 2020

Public ICS Disclosures – Week of 1-4-20


This week we have two vendor disclosures from Moxa and Meinberg Global.

Moxa Advisory


Moxa published an advisory describing a command injection vulnerability in their MGate 5105-MB-EIP Series Protocol Gateways. The vulnerability was reported by Dove Chiu, Philippe Lin, Charles Perine, Marco Balduzzi, Ryan Flores, and Rainer Vosseler of Trend Micro. Moxa has a new firmware version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Meinberg Advisory


Meinberg published an advisory describing a default SSH keys vulnerability in their SyncBox PTP/PTPv2. The vulnerability was reported by Simon Winter. Meinberg has a firmware update tool that allows for the replacement of the SSH keys. There is no indication that Winter was provided an opportunity to verify the efficacy of the fix.

NOTE: This advisory contains a surprising amount of detail.
