Saturday, October 30, 2021

Review - Public ICS Disclosures – Week of 10-23-21 – Part 1

This week is busier than normal for a week that does not include 2nd Tuesday, so we are going with a two-part listing. For Part 1 we have ten vendor disclosures from B&R Automation (3), PEPPERL+FUCHS, MB Connect, CODESYS (4), and Dell.

B&R Advisory #1 - B&R published an advisory describing a DLL hijacking vulnerability in their Automation Studio product.

B&R Advisory #2 - B&R published an advisory discussing the ZipSlip directory traversal vulnerability in their Automation Studio Project Import program.

B&R Advisory #3 - B&R published an advisory describing a file handling vulnerability in their Automation Studio program.

PEPPERL+FUCHS Advisory - CERT VDE published an advisory discussing an improper restriction of XML external entity reference vulnerability in the PEPPERL+FUCHS DTM and VisuNet product lines.

MB Connect Advisory - CERT VDE published an advisory describing an observable response discrepancy vulnerability in the MB Connect mbCONNECT24 and mymbCONNECT24 products.

CODESYS Advisory #1 - CODESYS published an advisory describing three vulnerabilities in their V2 runtime systems product line.

CODESYS Advisory #2 - CODESYS published an advisory describing four vulnerabilities in their V2 Web Server.

CODESYS Advisory #3 - CODESYS published an advisory describing an improper handling of exceptional conditions vulnerability in their V2 runtime systems containing the CODESYS TCP/IP communication driver.

CODESYS Advisory #4 - CODESYS published an advisory describing two vulnerabilities in their Control V2 product line.

Dell Advisory - Dell published an advisory discussing an out-of-bounds read vulnerability in their Dell Wyse Device Agent for Windows 10 IoT Enterprise product.

For additional information on these advisories, including links to third-party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-d18 - subscription required.
