This week we have sixteen vendor disclosures from ABB, Aruba Networks, Baxter, WAGO (3), Hitachi ABB Power Grids, Hewlett Packard Enterprise, Mitsubishi (2), Moxa (2), OPC Foundation, Philips, and QNAP (2). We also have three vendor updates from CODESYS. There are also 20 researcher reports for products from Fuji Electric. Finally, we have an exploit for products from Geutebruck.
ABB Advisory - ABB published an
advisory describing a remote code execution vulnerability in their Base
Software for SoftControl product.
Aruba Advisory - Aruba published an advisory describing
15 vulnerabilities in their ArubaOS product.
Baxter Advisory - Baxter published an
advisory discussing the PrintNightmare vulnerability.
WAGO Advisory #1 - CERT VDE published an advisory
describing an improper authentication and access control vulnerability in the WAGO
750-36X and WAGO 750-8XX products.
WAGO Advisory #2 - CERT VDE published an advisory discussing
two out-of-bounds read vulnerabilities in the e!COCKPIT and WAGO-I/O-Pro products.
WAGO Advisory #3 - CERT VDE published an advisory describing
a missing release of resources after effective lifetime vulnerability in WAGO
PLCs.
Hitachi ABB Advisory - Hitachi ABB published an
advisory describing a clear-text storage of sensitive information
vulnerability in their System Data Manager – SDM600 products.
HPE Advisory - HPE published an
advisory discussing two vulnerabilities in the SGI UV 300/3000 and HPE
Integrity MC990 X Servers.
Mitsubishi Advisory #1 - Mitsubishi published an
advisory discussing the FragAttacks WiFi
vulnerabilities.
Mitsubishi Advisory #2 - Mitsubishi published an
advisory discussing the BadAlloc vulnerabilities
(Amazon FreeRTOS is the specific product involved here).
Moxa Advisory #1 - Moxa published an
advisory describing 59 vulnerabilities in their TAP-323, WAC-1001, and
WAC-2004 Series Wireless AP/Bridge/Client.
Moxa Advisory #2 - Moxa published an
advisory describing 59 vulnerabilities in their OnCell G3470A-LTE and
WDR-3124A Series Cellular Gateways/Router.
OPC Foundation - OPC Foundation published an
advisory describing an access of memory location after end-of-buffer
vulnerability in their Local Discovery Server.
Philips Advisory - Philips published an advisory
discussing the HiveNightmare
vulnerability.
QNAP Advisory #1 - QNAP published an advisory
describing two vulnerabilities in their QNAP NAS running HBS 3.
QNAP Advisory #2 - QNAP published an advisory
describing an out-of-bounds read vulnerability in their QNAP NAS running QTS,
QuTS hero, and QuTScloud.
CODESYS Update #1 - CODESYS published an
update for their V3 web server advisory that was originally
published on May 19th, 2021 and most
recently updated on July 22nd, 2021.
CODESYS Update #2 - CODESYS published an
update for their V3 web server that was that was originally
published on July 15th, 2021.
CODESYS Update #3 - CODESYS published an
update for their Gateway V3 advisory that was originally
published on July 15th, 2021.
Fuji Electric Reports - The Zero Day Initiative published 20 reports describing 0-day vulnerabilities
in the Fuji Tellus Lite V-Simulator.
Geutebruck Exploit - Titouan Lazard, Sebastien
Charbonnier, and Ibrahim Ayadhi published a Metasploit
module for eight previously
reported vulnerabilities in the Geutebruck G-Cam EEC-2xxx and G-Code
EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices.
For more details on the advisories and reports, including
links to third-party reports and exploits, see my article at CFSN Detailed Analysis
- https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8
- subscription required.
Posts
No comments:
Post a Comment