This week we have ten vendor disclosures from Advantech, Hitachi, Hitachi Energy (2), Moxa (2), QNAP (2), and VMware. There is also an update from Mitsubishi. Additionally, we have two researcher reports for vulnerabilities for products from PerFact and Philips. Finally, we have an exploit for a product from ModbusTools.
Advantech Advisory - Advantech published an
advisory describing five sets of vulnerabilities (each set corresponding to
a separate Talos report containing multiple vulnerabilities) in their R-SeeNet
application.
Hitachi Advisory - Hitachi published an
advisory discussing 24 vulnerabilities in their Disk Array Systems.
Hitachi Energy Advisory #1 - Hitachi Energy published
an
advisory describing two vulnerabilities in their XMC20 product.
Hitachi Energy Advisory #2 - Hitachi Energy published
an
advisory describing two vulnerabilities in their FOX61x product.
Moxa Advisory #1 - Moxa published an
advisory describing eleven vulnerabilities in their ioLogik E2200 Series
Controllers and I/Os.
Moxa Advisory #2 - Moxa published an
advisory describing three vulnerabilities in their NPort IAW5000A-I/O
Series Servers.
QNAP Advisory #1 - QNAP published an advisory
describing an improper authentication vulnerability in their VS Series NVR.
QNAP Advisory #2 - QNAP published an advisory
describing a command injection vulnerability in their VS Series NVR.
VMware Advisory - VMware published an advisory
describing two vulnerabilities in their vCenter Server.
Mitsubishi Update - Mitsubishi published an
update for their GENESIS64 and MC Works64 advisory that was originally
published on October 21st, 2021.
PerFact Report - Claroty published a
report describing vulnerabilities in VPN products in use in industrial
applications including a previously unpublished server-side request forgery
vulnerability in products from PerFact.
Philips Report - Nozomi Networks published a report describing five vulnerabilities
in patient monitoring products from Philips.
ModbusTools Exploit - Yehia Elghaly published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerabilty in the Modbus Slave tool from ModbusTools.
For more details on these advisories, updates, reports and
exploits, including links to supporting third-party vulnerabilities, researcher
reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-857
- subscription required.
Posts
No comments:
Post a Comment