This week we have four vendor disclosures from Bosch (2), Dell, and VMware. There is an update from CODESYS. We also have three researcher reports for products from Rockwell Automation and Softing (2). Finally, we have an exploit for ScadaBR.
Bosch Advisories
Bosch published an
advisory describing a stack-based buffer overflow in their Rexroth
ActiveMover product using Ethernet IP. This is a third-party (Hilscher)
vulnerability. Bosch has a newer version that mitigates the vulnerabilty.
Bosch published an advisory describing a stack-based buffer overflow in their Rexroth ActiveMover using Profinet. This is a third-party (Hilscher) vulnerability. Bosch provides generic workarounds to mitigate the vulnerability.
Dell Advisory
Dell published an advisory describing a configuration vulnerability in their Wyse ThinOS. The vulnerability was reported by Emanuel Rodrigues. Dell has new versions that mitigate the vulnerability. There is no indication that Rodrigues has been provided an opportunity to verify the efficacy of the fix.
VMware Advisory
VMware has published an advisory describing two vulnerabilities in their vRealize Operations product. The vulnerabilities were reported by Egor Dimitrenko of Positive Technologies. VMware has updates that mitigate the vulnerabilities. There is no indication that Dimitrenko has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Server-side request forgery - CVE-2021-21975,
and
• Arbitrary file write - CVE-2021-21983
NOTE: Tenable has published a report on these vulnerabilities.
CODESYS Update
CODESYS published an update [.PDF download link] for their Control V3 password handling advisory that was originally published on August 1st, 2019 and most recently updated on May 14th, 2020. The new information includes:
• Enabling online user management by
default,
• Adding additional JIRA reference CDS-73742,
and
• Extending available software updates by V3.5.17.0 update
NOTE: The NCCIC-ICS advisory (ICSA-19-213-04) has not yet been updated.
Rockwell Report
Claroty published a report on the Rockwell FactoryTalk AssetCentre vulnerabilities that were announced earlier this week.
Softing Reports
Gruppo Tim published two reports for vulnerabilities in the Softing AG OPC Toolbox. The reports contain proof of concept code. There is no indication that Softing has been contacted.
The two reported vulnerabilities are:
• Cross-site scripting - CVE-2021-29661,
and
• Cross-site request forgery - CVE-2021-29660
ScadaBR Exploit
Fellipe Oiveira published an exploit for an
arbitrary file upload vulnerability in the ScadaBR. There are no CVEs or
indications that the vendor has been contacted. This may be a 0-day exploit.
No comments:
Post a Comment