This week we have seventeen vendor disclosures from ABB, Bosch, Dell, Eaton (2), Hitachi Energy, HP, HPE (2), Moxa, QNAP (3), Siemens, Sick, Software Toolbox, and Tanzu. We also have two vendor updates from Johnson Controls and VMware. Finally, there is a researcher report on vulnerabilities in products from Jinan USR IOT.
ABB Advisory - ABB published an advisory discussing the INCONTROLLER ICS attack tools.
Bosch Advisory - Bosch published an advisory discussing 25 3rd-party vulnerabilities (six with known exploits) in their ctrlX CORE XCR applications.
Dell Advisory - Dell published an advisory discussing two 3rd-party vulnerabilities (1 known exploit) in their Wyse Management Suite (WMS) and Dell Wyse Management Suite Repository products.
Eaton Advisory #1 - Eaton published an advisory discussing the SpringShell vulnerabilities.
Eaton Advisory #2 - Eaton published an advisory discussing the INCONTROLLER ICS attack tools.
Hitachi Energy Advisory - Hitachi Energy published an advisory describing an input validation vulnerability in their RTU500 series.
HP Advisory - HP published an advisory discussing the BrakTooth vulnerabilities in a variety of their notebook and laptop products.
HPE Advisory #1 - HPE published an advisory describing a security bypass vulnerability in their Nimble Storage flash arrays.
HPE Advisory #2 - HPE published an advisory describing an infinite loop vulnerability in their IceWall Products.
Moxa Advisory - Moxa published an advisory discussing the SpringShell vulnerability.
QNAP Advisory #1 - QNAP published an advisory discussing two vulnerabilities in their QNAP NAS products.
QNAP Advisory #2 - QNAP published an advisory discussing four recently reported Internet Services Consortium (ISC) BIND vulnerabilities.
QNAP Advisory #3 - QNAP published an advisory discussing two recently reported Apache Struts vulnerabilities.
Siemens Advisory - Siemens published an advisory discussing the SpringShell vulnerability.
Sick Advisory - Sick published an advisory discussing two 3rd-party, improper input validation vulnerabilities in their MARSIC300 ship emissions measuring device.
Software Toolbox Advisory - Software Toolbox published an advisory discussing the INCONTROLLER ICS attack tools.
Tanzu Advisory - Tanzu published an advisory describing a resource exhaustion vulnerability in their Spring Security OAuth.
Johnson Controls Update - Johnson Controls published an update for their Log4Shell advisory.
VMware Update - VMware published an update for their VMware Horizon Agent advisory that was originally published on April 6th, 2022.
Jinan USR IOT Report - Zero Science published a report on a root backdoor vulnerability (exploit available) in the Jinan USR IOT 4G LTE Industrial Cellular VPN Router.
For more details on these disclosures, including links to 3rd-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-28f - subscription required.