Saturday, July 24, 2021

Review - Public ICS Disclosures – Week of 7-17-21

This week we have seven vendor disclosures from MB connect (3), CODESYS, Dell (2) and Ruckus. We have five researcher reports for products from Schneider Electric, Advantech, and KevinLAB (3).

MB connect Advisory #1 - CERT-VDE published an advisory describing two vulnerabilities in the MB connect mymbCONNECT24 and mbCONNECT24 products.

MB connect Advisory #2 - CERT-VDE published an advisory discussing two vulnerabilities in the MB connect mymbCONNECT24 and mbCONNECT24 products.

MB connect Advisory #3 - CERT-VDE published an advisory describing two vulnerabilities in the MB connect mbDIALUP product.

CODESYS Advisory - CODESYS published an advisory describing a null pointer dereference vulnerability in their EtherNetIP protocol stack.

Dell Advisory #1 - Dell published an advisory discussing a null pointer dereference vulnerability in their Wyse ThinOS product line.

Dell Advisory #2 - Dell published an advisory describing two sensitive item disclosure vulnerabilities in their Wyse ThinOS product line.

Ruckus Advisory - Ruckus published an advisory describing an improper handling of an error condition vulnerability in their SmartZone Controller.

Schneider Report - SEC Consult published a report describing two vulnerabilities in the Schneider Electric EVlink product.

Advantech Report - The Zero Day Initiative published a report describing a lack of authentication vulnerability for the Advantech WebAccess/NMS.

KevinLAB Report #1 - Zero Science published a report describing a path traversal information disclosure vulnerability in the KevinLAB Building Energy Management System (BEMS) product.

KevinLAB Report #2 - Zero Science published a report describing an SQL injection vulnerability in the KevinLAB BEMS product.

KevinLAB Report #3 - Zero Science published a report describing a back-door account vulnerability in the KevinLAB BEMS product.

For more details on the vulnerability reports and links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-c10 - subscription required.
