This week we have eight vendor disclosures from B&R Automation (2), CODESYS, Moxa (3), Tanzu, and Wireshark. We also have a vendor update from CODESYS. Finally, we have 26 researcher reports of vulnerabilities in products from Open Design Alliance.
B&R Advisory #1 - B&R published an advisory discussing the NUMBER:JACK vulnerabilities.
B&R Advisory #2 - B&R published an advisory describing two vulnerabilities in their Automation Studio and PVI Windows Services.
CODESYS Advisory - CODESYS published an advisory describing an improper certificate validation vulnerability in their Git distributed version control system.
Moxa Advisory #1 - Moxa published an advisory describing four vulnerabilities in their ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers.
Moxa Advisory #2 - Moxa published an advisory discussing the recently reported Realtek SDK Router vulnerabilities.
Moxa Advisory #3 - Moxa published an advisory discussing the INFRA:HALT vulnerabilities.
Tanzu Advisory - Tanzu published an advisory describing an out-of-memory error vulnerability in their Spring AMQP product.
Wireshark Advisory - Wireshark published an advisory describing a NULL pointer dereference vulnerability in their Modbus dissector.
CODESYS Update - CODESYS published an update for their Gateway V3 advisory that was originally published on March 29th, 2021 and most recently updated on November 18th, 2021.
ODA Reports - The Zero Day Initiative published 26 reports about vulnerabilities in 12 separate CVEs in the ODA viewer.
For more details about these advisories, updates and reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-195 - subscription required.