Saturday, January 2, 2021

Public ICS Disclosures – Week of 12-26-20

This week we have two vendor disclosures for products from Moxa and Rockwell Automation.

Moxa Advisory

Moxa published an advisory discussing the Real Time Automation EtherNet/IP vulnerability. Moxa reports that none of their products are affected.

Rockwell Advisory

Rockwell published an advisory describing four vulnerabilities in their FactoryTalk Linx and FactoryTalk Services Platform. While the Rockwell advisory does not credit Tenable with reporting the problems, Tenable has published a report discussing these same vulnerabilities and their disclosure timeline. Rockwell has provided generic mitigation measures.

The four reported vulnerabilities are:

• Unhandled exception (2) - CVE-2020-5801 and CVE-2020-5802, and

• Buffer overflow (2) - CVE-2020-5806 and CVE-2020-5807

NOTE: The Tenable report provides a GitHub link for proof-of-concept code.
