Sunday, May 1, 2022

Review – Public ICS Disclosures – Week of 4-23-22 – Part 2

This week for Part 2 we have two additional vendor disclosures from Dell and Johnson Controls. There are also seven vendor updates from Bayer, FANUC, HP, Palo Alto Networks, QNAP, Siemens, and Yokogawa. Finally, there are four researcher reports for products from Delta Industrial (3) and Santesoft.

Dell Advisory - Dell published an advisory discussing an infinite loop vulnerability in their Wyse ThinOS products.

Johnson Controls Advisory - Johnson Controls published an advisory discussing the SpringShell vulnerabilities.

Bayer Update - Bayer published an update for their Log4Shell and Access:7 advisory that was originally published on March 8th, 2022.

FANUC Update - FANUC published an update for their ROBOGUIDE advisory that was originally published on April 8th, 2022.

HP Update - HP published an update for their Expat Library advisory for their PCoIP products that was originally published on April 11th, 2022.

Johnson Controls Update - Johnson Controls published an update for their SpringShell advisory that was originally published on April 19th, 2022.

Palo Alto Networks Update - Palo Alto Networks published an update for their Cortex XDR Agent advisory that was originally published on April 13th, 2022.

QNAP Update - QNAP published an update for their Apache HTTP server advisory that was originally published on April 20th, 2022.

Siemens Update - Siemens published an update for their SpringShell advisory that was originally published on April 19th, 2022.

Yokogawa Update - Yokogawa published an update for their Centum advisory that was originally published on January 14th, 2022 and most recently updated on March 16th, 2022.

Delta Reports - The Zero Day Initiative published three 0-day reports about vulnerabilities from Delta Industrial.

Santesoft - ZDI published a report describing an out-of-bounds write vulnerability in the Santesoft DICOM Viewer Pro.

 

For more details about these advisories and updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-239 - subscription required.
