Today I am taking an out-of-band look at ICS vendor disclosures for the Log4Shell vulnerability. I have not looked at my list of medical device vendors for this post; I may look at those later this week. For this post we have 20 vendor disclosures from Aruba, Broadcom, CODESYS, Dell, GE (2), HMS (5), HPE, Hitachi Energy, Johnson Controls, QNAP, Rockwell, Ruckus, SonicWall (update), VMware and Wind River. I am using a slightly different format for this post, separating advisories into four groups: not affected, still looking, affected products list, and mitigation.
Not Affected
CODESYS published a notice that none of their products are affected.
HMS published an advisory reporting that their Argos and HMS Hub web services are not affected.
HMS published an advisory reporting that their Ixxat products are not affected.
Vendors Still Looking at the Vulnerability
GE published a generic Log4Shell advisory.
GE published an advisory.
HMS published an advisory for their Anybus product line.
HMS published an advisory for their WEBfactory product line.
Hitachi Energy published an advisory.
Meinberg published an advisory.
QNAP published an advisory.
Johnson Controls published an advisory.
Vendors With Affected Product Lists
Aruba published an advisory.
HPE published an advisory.
Ruckus published an advisory.
SonicWall published an update for an advisory that was originally published on December 10th, 2021.
Wind River published an advisory.
Vendors With Mitigation Measures
Broadcom published an advisory.
Dell published an advisory for their Dell Wyse Management Suite.
HMS published an advisory for their EWON products.
Rockwell published an advisory.
VMware published an update for their advisory that was originally published on December 10th, 2021.
For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-log4shell - subscription required.