This week we have twelve vendor disclosures from ABB, Beckhoff, Broadcom (2), B&R Automation, Delta Industrial Automation, Gerbv, OMRON, PcVue Solutions, Tanzu (2), and VMware. We also have two end-of-life notices from Braun. We have one researcher report for products from Swift Sensors. Finally, we have four exploits reported for products from WAGO, Hikvision, Axis, and the PwnKit vulnerability.
ABB Advisory - ABB published an
advisory describing a denial of service vulnerability in their AC 800M MMS.
Beckhoff Advisory - Beckhoff published an
advisory discussing a NULL pointer dereference vulnerability in their products
with OPC UA technology.
NOTE: This vulnerability may be found in other vendor
products utilizing OPC UA technology.
Broadcom Advisory #1 - Broadcom published an advisory
discussing the LOGBACK-1591
vulnerability in their Brocade Fibre Channel Products.
Broadcom Advisory #2 - Broadcom published an
advisory discussing the Log4Shell vulnerabilities.
B&R Advisory - B&R published an
advisory discussing a deserialization of untrusted data vulnerability in
their B&R APROL product line.
NOTE: This vulnerability may affect other vendor products
that use Apache Chainsaw.
Delta Advisory - Incibe CERT published an
advisory describing four vulnerabilities in the Delta CNCSoft ScreenEditor
and DIAEnergie products.
Gerbv Advisory - Incibe CERT published an
advisory discussing seven vulnerabilities in the Gerbv file viewer.
Omron Advisory - JP CERT published an advisory describing
five vulnerabilities in the OMRON CX-Programmer.
PcVue Advisory - PcVue published a
notice discussing four vulnerabilities in their Dream Report products.
Tanzu Advisory #1 - Tanzu published an advisory
describing an improper privilege management vulnerability in their Spring Cloud
Gateway.
Tanzu Advisory #2 - Tanzu published an advisory
describing a code injection vulnerability in their Spring Cloud Gateway.
VMware Advisory - VMware published an advisory
describing an uncontrolled search path vulnerability in their VMware Tools for
Windows.
Swift Sensor Report - Cisco Talos published a
report describing an authentication bypass vulnerability in the Swift
Sensor Gateway.
Braun End-of-Life Notices - Braun USA published end-of-life
notices for their Dialog+
Version 8 and Dia70
Portable RO products.
WAGO Exploit - Momen Eldawakhly published an exploit for a privilege
escalation vulnerability in the WAGO 750-8212 PFC200 G2 2ETH RS.
Hikvision Exploit - Bashis published a Metasploit module for a
command injection vulnerability in an unspecified Hikvision IP camera.
Axis Exploit - Jbaines-r7 published a Metasploit module for an
unrestricted upload of applications ‘feature’ in unspecified Axis IP cameras.
PwnKit Exploit - Qualys Security published a Metasploit
module for the PwnKit vulnerability.
For more details about these disclosures, including links to
third-party reports, researcher reports and exploits, see my article at CFSN
Detailed Analysis - subscription required.