Saturday, January 22, 2022

Review - Public ICS Disclosures – Week of 1-15-22 – Part 1

This week we have a two-part posting with the 2nd part being a continued look at the response to the Log4Shell vulnerabilities. For Part 1, we have five vendor disclosures from Advantech, Bosch, B&R Industrial Automation, Hitachi Energy, and VMware. We also have an update from HPE. Finally, there are five researcher reports of vulnerabilities in products from OpenBMCS.

Advantech Advisory - Incibe-Cert published an advisory describing incorrect default permissions vulnerabilities in four separate Advantech products.

Bosch Advisory - Bosch published an advisory describing two vulnerabilities in their AMC2 (Access Modular Controller).

B&R Advisory - B&R published an advisory describing an RCE through project upload from target vulnerability in their Automation Studio product.

Hitachi Energy Advisory - Hitachi Energy published an advisory describing nine vulnerabilities in their MicroSCADA Pro/X SYS600 Products.

VMware Advisory - VMware published an advisory describing a denial-of-service vulnerability in their VMware Workstation and Horizon Client products.

HPE Update - HPE published an update to their HPE ProLiant and ProLiant Server Blades advisory that was originally published on November 10th, 2021.

OpenBMCS Reports - Zero Science published five reports about vulnerabilities in building management system products from OpenBMCS.

 

For more details on these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-8d9 - subscription required.
