Saturday, December 4, 2021

Review - Public ICS Disclosures – Week of 11-27-21

This week we have eight vendor disclosures from B&R Automation (2), CODESYS, Moxa (3), Tanzu, and Wireshark. We also have a vendor update from CODESYS. Finally, we have 26 researcher reports of vulnerabilities in products from Open Design Alliance.

B&R Advisory #1 - B&R published an advisory discussing the NUMBER:JACK vulnerabilities.

B&R Advisory #2 - B&R published an advisory describing two vulnerabilities in their Automation Studio and PVI Windows Services.

CODESYS Advisory - CODESYS published an advisory describing an improper certificate validation vulnerability in their Git distributed version control system.

Moxa Advisory #1 - Moxa published an advisory describing four vulnerabilities in their ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers.

Moxa Advisory #2 - Moxa published an advisory discussing the recently reported Realtek SDK Router vulnerabilities.

Moxa Advisory #3 - Moxa published an advisory discussing the INFRA:HALT vulnerabilities.

Tanzu Advisory - Tanzu published an advisory describing an out-of-memory error vulnerability in their Spring AMQP product.

Wireshark Advisory - Wireshark published an advisory describing a NULL pointer dereference vulnerability in their Modbus dissector.

CODESYS Update - CODESYS published an update for their Gateway V3 advisory that was originally published on March 29th, 2021 and most recently updated on November 18th, 2021.

ODA Reports - The Zero Day Initiative published 26 reports about vulnerabilities in 12 separate CVEs in the ODA viewer.

For more details about these advisories, updates and reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-195 - subscription required.
