A busy week with lots of SpringShell and DirtyPipe disclosures, so there will be two parts this week. In this part we have 24 vendor disclosures from Aruba, Barco, Bentley (8), Braun, Broadcom (3), Carrier, Weidmueller, WAGO, CODESYS (6), and FANUC.
Aruba Advisory - Aruba published an advisory
discussing the SpringShell vulnerabilities.
Barco Advisory - Barco published an advisory
discussing the DirtyPipe vulnerability.
Bentley Advisory #1 - Bentley published an
advisory describing two use-after-free vulnerabilities in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #2 - Bentley published an
advisory describing three stack-based buffer overflow vulnerabilities in
the Bentley MicroStation and MicroStation-based applications.
Bentley Advisory #3 - Bentley published an
advisory describing an out-of-bounds write vulnerability in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #4 - Bentley published an
advisory describing eleven file parsing vulnerabilities in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #5 - Bentley published an
advisory describing two out-of-bounds read vulnerabilities in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #6 - Bentley published an
advisory describing five out-of-bounds vulnerabilities in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #7 - Bentley published an
advisory describing four out-of-bounds read vulnerabilities in the Bentley MicroStation
and MicroStation-based applications.
Bentley Advisory #8 - Bentley published an
advisory describing two uninitialized variable vulnerabilities in the Bentley
MicroStation and MicroStation-based applications.
Braun Advisory - Braun published an
advisory discussing the Infusion
Pump Vulnerabilities article by Palo Alto Networks.
Broadcom Advisory #1 - Broadcom published an
advisory discussing one of the SpringShell vulnerabilities.
Broadcom Advisory #2 - Broadcom published an
advisory describing the other SpringShell vulnerability.
Broadcom Advisory #3 - Broadcom published an
advisory discussing an older Spring
Framework vulnerability reanimated by the SpringShell vulnerability.
Carrier Advisory - Carrier published an
advisory discussing the SpringShell vulnerabilities.
Weidmueller Advisory - CERT-VDE published an advisory discussing
nine vulnerabilities in two products using Modbus TCP/RTU Gateways.
WAGO Advisory - CERT-VDE published an advisory
discussing the DirtyPipe vulnerability in several WAGO products.
CODESYS Advisory #1 - CODESYS published an
advisory describing an exposure of resource to wrong sphere vulnerability
in the CODESYS Control V3 products.
CODESYS Advisory #2 - CODESYS published an
advisory describing an incorrect permission assignment for a critical
resource vulnerability in the CODESYS SysDrv3S.sys driver.
CODESYS Advisory #3 - CODESYS published an
advisory describing a small space of random values vulnerability in CODESYS
V3 products using the CODESYS communication protocol.
CODESYS Advisory #4 - CODESYS published an
advisory describing an incorrect user management vulnerability in the CODESYS Control V3 online user management
applications.
CODESYS Advisory #5 - CODESYS published an
advisory describing two vulnerabilities in CODESYS V3 products containing a
CODESYS communication server.
CODESYS Advisory #6 - CODESYS published an
advisory describing a buffer over-read vulnerability in the CODESYS V3 web
server.
For more details on these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/22-part-1 - subscription required.