Saturday, February 6, 2021

Public ICS Disclosure – Week of 1-30-21

This week we have four vendor disclosures from ABB, Belden, GE Digital, and Ruckus. There is also an update from Rockwell, and Honeywell published an end-of-life notice.

ABB Advisory

ABB published an advisory describing a web-server denial of service vulnerability in their AC500 V2 products. The vulnerability was reported by Richard Thomas and Tom Chothia of the University of Birmingham. ABB has no mitigation measures for this vulnerability.

Belden Advisory

Belden published an advisory describing a denial of service vulnerability in the Hirschmann HiOS platform. The vulnerability was reported by the French Cybersecurity Agency (ANSSI). Belden has updates available that mitigate the vulnerability. There are no indications that the researchers have been provided an opportunity to verify the efficacy of the fix.

GE Advisory

GE published an advisory describing three unnamed vulnerabilities in their iFIX HMI/SCADA product. The vulnerabilities were reported by Sharon Brizinov of Claroty and William Knowles of Applied Risk. GE has an upgrade that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Ruckus Advisory

Ruckus published an advisory describing a CLI passphrase vulnerability in their AP and ZD products. The vulnerability is apparently self-reported. No mitigation measures are described.

Rockwell Update

Rockwell published an update for the AENT Flex I/O Series B advisory that was originally published on October 12th, 2020. The new information includes adding a sixth classic buffer overflow vulnerability, CVE-2020-6088.

NOTE: Talos published a report this week covering this vulnerability. It included proof-of-concept code.

Honeywell EOL Notice

Honeywell published an end-of-life notice for their Maxpro VMS/NVR products.
