Merry Christmas. This has been another busy week for ICS disclosures. Part 1 today will be normal vulnerabilities and Part 2 (probably tomorrow) will be Log4Shell disclosures.
This week we have six vendor disclosures from ABB, IDEC Corporation, QNAP, Hitachi Energy (2), and Johnson Controls. We also have twelve researcher reports for products from Garrett (7) and Open Design Alliance (5).
ABB Advisory - ABB published an
advisory describing an MMS file transfer vulnerability in their Distribution
Automation products.
IDEC Advisory - JPCERT published an advisory [link added 18:40 EST 1-6-22] for four
vulnerabilities in the IDEC PLCs.
QNAP Advisory - JPCERT published an advisory
describing two vulnerabilities in the QNAP VioStar series NVR.
Hitachi Energy Advisory #1 - Hitachi Energy published
an
advisory describing four vulnerabilities in their LinkOne product.
Hitachi Energy Advisory #2 - Hitachi Energy published
an
advisor discussing seven vulnerabilities in their Data Manager (SDM600)
product.
Johnson Controls Advisory - Johnson Controls
published an
advisory describing an unspecified vulnerability in their American Dynamics
VideoEdge NVR.
NOTE: It looks like this has been reported to NCCIC-ICS, so
we may see an advisory from them next week
Garrett Reports - Talos published seven reports covering
nine vulnerabilities in the Garrett Metal Detectors used for security
screening.
ODA Reports - The Zero Day Initiative published five reports covering vulnerabilities in the ODA Drawings Explorer product.
For more details on these advisories, including links to
third-party advisories, see my report at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-12
- subscription required.
Posts
No comments:
Post a Comment