This week is busier than normal for a week that does not include 2nd Tuesday, so we are going with a two-part listing. For Part 1 we have ten vendor disclosures from B&R Automation (3), PEPPERL+FUCHS, MB Connect, CODESYS (4), and Dell.
B&R Advisory #1 - B&R published an advisory describing a DLL hijacking vulnerability in their Automation Studio product.
B&R Advisory #2 - B&R published an advisory discussing the ZipSlip directory traversal vulnerability in their Automation Studio Project Import program.
B&R Advisory #3 - B&R published an advisory describing a file handling vulnerability in their Automation Studio program.
PEPPERL+FUCHS Advisory - CERT VDE published an advisory discussing an improper restriction of XML external entity reference vulnerability in the PEPPERL+FUCHS DTM and VisuNet product lines.
MB Connect Advisory - CERT VDE published an advisory describing an observable response discrepancy vulnerability in the MB Connect mbCONNECT24 and mymbCONNECT24 products.
CODESYS Advisory #1 - CODESYS published an advisory describing three vulnerabilities in their V2 runtime systems product line.
CODESYS Advisory #2 - CODESYS published an advisory describing four vulnerabilities in their V2 Web Server.
CODESYS Advisory #3 - CODESYS published an advisory describing an improper handling of exceptional conditions vulnerability in their V2 runtime systems containing the CODESYS TCP/IP communication driver.
CODESYS Advisory #4 - CODESYS published an advisory describing two vulnerabilities in their Control V2 product line.
Dell Advisory - Dell published an advisory discussing an out-of-bounds read vulnerability in their Dell Wyse Device Agent for Windows 10 IoT Enterprise product.
For additional information on these advisories, including links to third-party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-d18 - subscription required.