Happy Saturday after 2nd Tuesday. It is another busy week in ICS disclosures. In Part 1 we have 25 vendor disclosures from Hitachi, Hitachi Energy (2), HP (7), HPE (11), InHand Networks, and Palo Alto Networks (4). There are lots of Intel vulnerabilities lurking here.
Hitachi Advisory - Hitachi published an
advisory that discusses 69 vulnerabilities in their Disk Array Systems.
Hitachi Energy Advisory #1 - Hitachi Energy published
an
advisory that discusses an off-by-one error vulnerability (with multiple
exploits available) in their TXpert Hub CoreTec 4 product.
Hitachi Energy Advisory #2 – Hitachi Energy published
an
advisory that describes three vulnerabilities in their TXpert Hub CoreTec 4
product.
HP Advisory #1 - HP published an
advisory that discusses 28 vulnerabilities in a variety of HP products that
utilize the AMD Client UEFI Firmware.
HP Advisory #2 - HP published an
advisory that describes a privilege escalation vulnerability in their Jumpstart
software in a variety of HP products.
HP Advisory #3 - HP published an
advisory that discusses 8 vulnerabilities in a variety of HP products that
utilize Intel® Solid State Drive (SSD) or Intel Optane™ SSD products.
HP Advisory #4 - HP published an advisory that discusses
a privilege escalation vulnerability in a variety of HP products that utilize Intel®
Boot Guard or Intel® Trusted Execution Technology (TXT).
HP Advisory #5 - HP published an
advisory that discusses 15 vulnerabilities in a variety of HP products that
utilize the Intel 2022.1 IPU BIOS.
HP Advisory #6 - HP published an
advisory that describes two vulnerabilities in a variety of HP products
that utilize the HP PC BIOS.
HP Advisory #7 - HP published an
advisory that describes five vulnerabilities in their UEFI Firmware used in
a variety of HP products.
HPE Advisory #1 - HPE published an
advisory that describes eleven vulnerabilities in their HPE ProLiant and
Apollo Servers.
HPE Advisory #2 - HPE published an
advisory that discusses a disclosure of information vulnerability in their ProLiant
DL/ML/MicroServer Servers.
HPE Advisory #3 - HPE published an
advisory that discusses two vulnerabilities in their PE ProLiant
BL/DL/ML/XL and Apollo Servers.
HPE Advisory #4 - HPE published an
advisory that discusses a disclosure of information vulnerability in their HPE
ProLiant ML/DL/MicroServer Servers.
HPE Advisory #5 - HPE published an
advisory that discusses eleven vulnerabilities in their Synergy Servers.
HPE Advisory #6 - HPE published an
advisory that discusses an improver validation of array index vulnerability
(with publicly available exploit) in their Nimble Storage product.
HPE Advisory #7 - HPE published an
advisory that discusses two vulnerabilities in their Synergy Servers.
HPE Advisory #8 - HPE published an
advisory that discusses eleven vulnerabilities in their ProLiant DX Servers.
HPE Advisory #9 - HPE published an
advisory that discusses two vulnerabilities in their ProLiant DX Servers.
HPE Advisory #10 - HPE published an
advisory that discusses two vulnerabilities in various HPE storage
products.
HPE Advisory #11 - HPE published an
advisory that discusses eleven vulnerabilities in various HPE storage
products.
InHand Advisory - InHand published an
advisory that describes 17 vulnerabilities in their e Industrial Router IR302.
Palo Alto Advisory #1 - Palo Alto published an advisory that
describes an improper neutralization of special elements vulnerability in their
PAN-OS.
Palo Alto Advisory #2 - Palo Alto published an advisory that
describes an uncontrolled search path element vulnerability in their Cortex XDR
Agent.
Palo Alto Advisory #3 - Palo Alto published an advisory that
describes a privilege escalation vulnerability in their Cortex XDR Agent.
Palo Alto Advisory #4 - Palo Alto published an advisory that
describes an incorrect authorization vulnerability in their Cortex XSOAR.
For more details about these disclosures, including links to
third-party advisories, researcher reports and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5
- subscription required.
Posts
No comments:
Post a Comment