This week we have four vendor disclosures for products from
Phoenix Contact, Philips, BD and Belden. We also have one researcher report on
products from Siemens.
Phoenix Contact Advisory
Phoenix Contact published an
advisory [.PDF download link] describing an unauthenticated web server access
vulnerability in their Emalytics Controllers ILC 2050 BI. The vulnerability was
reported by Anil Parmar. Phoenix Contact has a new version that mitigates the
vulnerability. There is no indication that Parmar has been provided an
opportunity to verify the efficacy of the fix.
Philips Advisory
Philips published an advisory on the SweynTooth Bluetooth
vulnerabilities. Philips is investigating whether any of their products are
affected.
NOTE: The 12 disclosed vulnerabilities affect the Bluetooth
Low Energy chipsets sold by major SoC vendors, such as Texas Instruments, NXP,
Cypress, Dialog Semiconductors, Microchip,
STMicroelectronics and Telink Semiconductor.
BD Advisory
BD published an
advisory describing Windows® 32K graphics vulnerabilities (CVE-2019-1458
and CVE-2019-1468)
in their products using Windows operating systems. BD is currently working to
test and validate the Microsoft patch for BD products. Microsoft included fixes
for these vulnerabilities in their December 10th, 2019 updates.
Belden Advisory
Belden published an
advisory describing a buffer overflow vulnerability in their Hirschmann
HiOS and HiSecOS devices. The vulnerability was reported by Sebastian Krause
and Toralf Gimpel of GAI NetConsult. Belden has updates available that mitigate
the vulnerability. There is no indication that the researchers have been
provided an opportunity to verify the efficacy of the fix.
Siemens Report
Tenable published a report
describing a denial of service vulnerability in the Siemens TIA Portal. Siemens
published their
advisory on this vulnerability earlier this month. The Tenable report
includes proof of concept code.