This week we have a two-part posting with the 2nd part being a continued look at the response to the Log4Shell vulnerabilities. For Part 1, we have five vendor disclosures from Advantech, Bosch, B&R Industrial Automation, Hitachi Energy, and VMware. We also have an update from HPE. Finally, there are five researcher reports of vulnerabilities in products from OpenBMCS.
Advantech Advisory - Incibe-Cert published an
advisory describing incorrect default permissions vulnerabilities in four
separate Advantech products.
Bosch Advisory - Bosch published an
advisory describing two vulnerabilities in their AMC2 (Access Modular
Controller).
B&R Advisory - B&R published an
advisory describing RCE through project upload from target vulnerability in
their Automation Studio product.
Hitachi Energy Advisory - Hitachi Energy published an
advisory describing nine vulnerabilities in their MicroSCADA Pro/X SYS600
Products.
VMware Advisory - VMware published an
advisory describing a denial-of-service vulnerability in their VMware
Workstation and Horizon Client products.
HPE Update - HPE published an
update their HPE ProLiant and ProLiant Server Blades advisory that was originally
published on November 10th, 2021.
OpenBMCS Reports - Zero Science published five reports
about vulnerabilities in building management system products from OpenBMCS.
For more details on these disclosures, including links to
3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-8d9
- subscription required.
Posts
No comments:
Post a Comment