Saturday, October 16, 2021

Review - Public ICS Disclosures – Week of 10-9-21 – Part 1

This week we have nine vendor disclosures from Aruba Networks, Braun, DrayTek, Omron, Hitachi, SonicWall, and VMware (3). We also have an update from Yokogawa. Finally, there are four researcher reports for products from Fuji Electric.

Aruba Advisory - Aruba published an advisory describing 18 vulnerabilities in their ClearPass Policy Manager product.

Braun Advisory - Braun published an advisory discussing the Ripple20 vulnerabilities.

DrayTek Advisory - DrayTek published an advisory describing two vulnerabilities in their VigorConnect software.

Omron Advisory - JPCERT published an advisory describing an out-of-bounds read vulnerability in the Omron CX-Supervisor.

Hitachi Advisory - Hitachi published an advisory discussing 30 vulnerabilities in their Disk Array Systems.

SonicWall Advisory - SonicWall published an advisory describing a host header redirection vulnerability in their SonicOS product.

VMware Advisory #1 - VMware published an advisory describing a server-side request forgery vulnerability in their vRealize Operations products.

VMware Advisory #2 - VMware published an advisory describing a CSV injection vulnerability in their vRealize Log Insight product.

VMware Advisory #3 - VMware published an advisory describing an open redirect vulnerability in their vRealize Orchestrator product.

Yokogawa Update - Yokogawa published an update for their Ripple20 advisory that was originally published on May 31st, 2021.

Fuji Reports - The Zero Day Initiative published four reports of 0-day vulnerabilities in the Alpha5 Servo Operator product from Fuji Electric.

For more details on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-61d - subscription required.

