Saturday, October 9, 2021

Review – Public ICS Disclosures – Week of 10-2-21

This week we have six vendor disclosures from Aruba Networks, Bosch, Lenze, ENDRESS+HAUSER, HPE (2), and WIBU. There is also one researcher report on products from Johnson Controls.

Aruba Advisory - Aruba published an advisory describing six vulnerabilities in their Aruba Instant Access Points product.

Bosch Advisory - Bosch published an advisory describing four vulnerabilities in their Rexroth IndraMotion MLC and IndraLogic XLC products.

Lenze Advisory - CERT-VDE published an advisory discussing three vulnerabilities in a range of products from Lenze.

ENDRESS+HAUSER Advisory - CERT-VDE published an advisory discussing a stack-based buffer overflow vulnerability in the ENDRESS+HAUSER Promass 83 product.

HPE Advisory #1 - HPE published an advisory describing two vulnerabilities in their NonStop SSL Toolkit.

HPE Advisory #2 - HPE published an advisory describing an arbitrary code execution vulnerability in their HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage Arrays products.

WIBU Advisory - WIBU published an advisory describing a denial-of-service vulnerability in their CodeMeter Runtime for Windows product.

Johnson Controls Report - Tenable published a report about two vulnerabilities in the Johnson Controls exacqVision products.

For more details about these advisories, including links to third-party advisories, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */