This week we have four vendor disclosures for products from
Meinberg, Johnson Controls, Eaton and Boston Scientific. There is a researcher
report of vulnerabilities in products from Proscend. There are also two exploit
reports for products from Wago and Schneider.
Meinberg Advisory
Meinberg published an
advisory describing 21 vulnerabilities in their LANTIME firmware. The
vulnerabilities were reported by Michal
Bazyli and Jakub Palaczynski. Meinberg has new firmware versions that mitigate
the vulnerabilities. There is no indication that the researchers have been
provided an opportunity to verify the efficacy of the fix.
NOTE: Nope, not going to do it. See the advisory.
Johnson Controls Advisory
Johnson Controls published an
advisory [.docx download link] describing a third-party java script
vulnerability in their Metasys Server software. This vulnerability is
apparently self-reported. Johnson Controls recommends removing the Kibana service.
NOTE: There are a number of other vulnerabilities reported
for the same Kibana open source product on elastic web site.
Eaton Advisory
Eaton published an
advisory describing three vulnerabilities in their SMP Gateway. These
vulnerabilities are self-reported. Eaton has a new version that mitigates the
vulnerability.
The three reported vulnerabilities are:
• Heap-based buffer overflow - CVE-2017-2780
and CVE-2017-2781; and
• Integer overflow - CVE-2017-2782
NOTE: These vulnerabilities affect the processing of x509
certificates in establishing TLS or SSL connections.
Boston Scientific Advisory
Boston Scientific published an
advisory for the Windows
CryptoAPI vulnerability in their products. They report that they are
unaware of any of their products affected by this vulnerability.
Proscend Disclosure
xploited published a
report describing a remote code execution vulnerability in the Proscend
M302-L / M302-LG series are industrial-grade 4G LTE Cellular Routers. There is
no indication that xploited has notified Proscend of the vulnerability, so this
may be a 0-day vulnerability.
WAGO Exploit
0X483D published a Metasploit exploit for an authenticated
remote code execution vulnerability in the WAGO PFC200. There is no CVE
provided for the vulnerability and no indication that WAGO has been notified.
This may be a 0-day vulnerability.
Schneider Exploit
COSMIN CRACIUN published an exploit for an authenticated
command injection vulnerability in the Schneider U.Motion Builder. This
vulnerability was
reported by Schneider in April 2018.
Posts
No comments:
Post a Comment