Saturday, August 28, 2021

Review - Public ICS Disclosures – Week of 8-21-27

This week we have six vendor disclosures from B&R, OPC Foundation, HPE, Red Lion, and VMware (2). We also have one update from Mitsubishi and one researcher report for products from Braun.

B&R Advisory - B&R published an advisory discussing the INFRA:HALT vulnerabilities.

OPC Foundation Advisory - The OPC Foundation published an advisory describing an access of memory location after end of buffer vulnerability in their Local Discovery Server (LDS).

HPE Advisory - HPE published an advisory describing five vulnerabilities in their FlexNetworking, FlexFabric, and MSR switches and routers.

Red Lion Advisory - Red Lion published an advisory describing an SSH port forwarding vulnerability in their DA50A and DA70A modular gateways.

VMware Advisory #1 - VMware published an advisory describing a cross-site scripting vulnerability in their vRealize Log Insight.

VMware Advisory #2 - VMware published an advisory describing six vulnerabilities in their vRealize Operations product.

Mitsubishi Update - Mitsubishi published an update for their TCP Protocol Stack advisory that was originally published on September 1st, 2020 and most recently updated on May 18th, 2021.

Braun Report - McAfee published a report describing five vulnerabilities in the B Braun Infusomat Space Large Volume Pump.


For more details on these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis (subscription required).
