This week we have four vendor disclosures related to the QNX RTOS vulnerability from Draeger, GE Healthcare, Medtronic, and Schneider Electric. We also have two vendor disclosures related to the PrintNightmare vulnerabilities from BD and Boston Scientific. We also have eight other vendor disclosures from BD, PEPPERL+FUCHS (2), Hitachi ABB Power Grids, Johnson Controls, Moxa, Siemens, and VMware. Finally, we have two researcher reports for vulnerabilities in products from Altus Sistemas de Automacao and NetModule.
QNX Advisories
Draeger published an advisory discussing the QNX RTOS vulnerability.
GE Healthcare published an advisory discussing the QNX RTOS vulnerability.
Medtronic published an advisory discussing the QNX RTOS vulnerability.
Schneider published an advisory discussing the QNX RTOS vulnerability.
PrintNightmare Advisories
BD published an advisory discussing the PrintNightmare vulnerabilities.
Boston Scientific published an advisory discussing the PrintNightmare vulnerabilities.
Other Advisories
BD Advisory - BD published an advisory discussing the URGENT/11 vulnerabilities.
PEPPERL+FUCHS Advisory #1 - CERT-VDE published an advisory describing 19 vulnerabilities in the PEPPERL+FUCHS WirelessHART-Gateway products.
PEPPERL+FUCHS Advisory #2 - CERT-VDE published an advisory discussing the Ripple20 vulnerabilities in the PEPPERL+FUCHS VDM100-Distance Ethernet-IP sensors.
Hitachi ABB Advisory - Hitachi ABB published an advisory discussing the BadAlloc vulnerabilities.
Johnson Controls Advisory - Johnson Controls published an advisory discussing the impact of the out-of-support status of the Windows CE OS on their Kantech KT-1 door controller.
Moxa Advisory - Moxa published an advisory describing four vulnerabilities in their EDR-810 Series secure router.
Siemens Advisory - Siemens published an out-of-zone advisory describing an external control of system or configuration setting vulnerability in their SINEMA Remote Connect Client.
VMware Advisory - VMware published an advisory describing a denial-of-service vulnerability in their Workspace ONE UEM console.
Researcher Reports
Altus Sistemas de Automacao Report - SEC Consult published a report describing three vulnerabilities in PLC products from Altus Sistemas de Automacao.
NetModule Report - SEC Consult published a report describing three vulnerabilities in the NetModule router software product.
For more information on the above advisories and reports, including links to exploits, see my article at CFSN Detailed analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-2e0 - subscription required.