Saturday, June 12, 2021

Review - Public ICS Disclosures – Week of 6-5-21 – Part 1

This week we have fifteen vendor disclosures from Bosch, Circutor (2), Dell, Gallagher (7), QNAP (3), and Xylem. We also have a researcher report for products from New Electronic Technologies. Finally, we have exploits for products from VMware and Solar-Log (2).

Vendor Reports

Bosch published an advisory describing five vulnerabilities in their IP Cameras.

Incibe-CERT published an advisory describing an improper authentication vulnerability in the Circutor SGE-PLC1000 device.

Incibe-CERT published an advisory describing an OS command injection vulnerability in the Circutor SGE-PLC1000 device.

Dell published an advisory discussing the VMware vCenter Server vulnerabilities.

Gallagher published seven advisories describing vulnerabilities in the Command Centre Server.

QNAP published an advisory describing an improper access control vulnerability in their QNAP NAS Helpdesk products.

QNAP published an advisory describing an inclusion of sensitive information vulnerability in QSS on their QNAP Switches.

QNAP published an advisory describing an out-of-bounds read vulnerability in their QNAP Switches.

Xylem published an advisory discussing the Rockwell ISaGRAF Runtime vulnerabilities in their Flygt MultiSmart pump station management system.

Researcher Reports

The Russian BDU FSTEC published a report describing a privilege management vulnerability in the New Technologies Titanium CNC PLC module.

Exploits

Johnny Yu published an exploit for a heap-based buffer overflow vulnerability in the VMware vCenter Server.

Luca Chiou published an exploit for an unprotected storage of credentials vulnerability in the Solar-Log Energy Management System.

Luca Chiou published an exploit for an incorrect access control vulnerability in the Solar-Log Energy Management System.

For a more detailed look at these vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-723 (subscription required).
