This week we have ten vendor disclosures from CODESYS (3), Dell, Endress+Hauser, Mitsubishi, Moxa, Software Toolbox (2), and T&D. We also have nine vendor updates from Aruba Networks, CODESYS, Fujitsu, HP, HPE (4), and Palo Alto Networks. There are also two researcher reports for products from Korenix, and Schneider Electric. Finally, we have three exploits published for products from SolarView, and Ingredient Stock Management System (2).
CODESYS Advisory #1 - CODESYS published an
advisory that describes two uncontrolled resource consumption vulnerabilities
in their CODESYS V3 products containing a CODESYS communication server.
CODESYS Advisory #2 - CODESYS published an
advisory that describes a plain-text storage of password vulnerability in
their OPC DA Server.
CODEESYS Advisory #3 - CODESYS published an
advisory that describes an observable response discrepancy in their Visualization
products.
Dell Advisory - Dell published an
advisory that describes three vulnerabilities in their Wyse Management
Suite (one is a third-party (JQuery) vulnerability.
Endress+Hauser Advisory - CERT VDE published an
advisory that discusses eight vulnerabilities in multiple products from
Endress +HYauser.
Moxa Advisory - Moxa published an
advisory that discusses the DirtyPipe vulnerability.
Software Toolbox Advisory #1 - Software Toolbox
published an
advisory that discusses a security feature bypass vulnerability in their OPC
Quick Client.
Software Toolbox Advisory #2 - Software Toolbox
published an
advisory that discusses a security feature bypass vulnerability for
customers using OPC Classic.
T&D Advisory - T&D published an advisory that describes
a directory traversal vulnerability in the T&D Data Server and THERMO
RECORDER DATA SERVER.
Aruba Update #1 - Aruba published an
update for their Expat XML advisory that was originally
published on May 17th, 2022.
Aruba Update #2 - Aruba published an
update for their OpenSSL advisory that was originally
published on May 4th, 2022.
Fujitsu Update - JP CERT published an update for their FUJITSU
Network IPCOM advisory that was originally
published on May 19th,
2022.
CODESYS Update - CODESYS published an
update for their Development System V3 advisory that was originally
published on July 15th, 2021 and most
recently updated on August 2nd, 2021.
HP Update - HP published an update
for their HP Print Products advisory that was originally published on March 21st,
2022, and most recently updated on May 3rd, 2022.
HPE Update #1 - HPE published an
update for their Intel Bios advisory that was originally
published on May 10th, 2022.
HPE Update #2 - HPE published an
update for their ProLiant DX Servers advisory that was originally
published on May 10th, 2022.
HPE Update #3 - HPE published an
update for their Synergy Servers advisory that was originally
published on May 10th, 2022.
HPE Update #4 - HPE published an
update for their ProLiant BL/DL/ML/XL/MicroServer that was originally
published on May 10th, 2022.
Palo Alto Networks Update - Palo Alto Networks
published an
update for their OpenSSL advisory that was originally
published on March 31st, 2022 and most recently updated on
May 12th, 2022.
Korenix Report - SEC Consult published a
report describing a backdoor account in the Korenix JetPort serial
converter.
Schneider Report - Zero Science published a report
describing a remote root exploit vulnerability (with exploit available) in the
Schneider C-Bus Automation Controller.
SolarView Exploit - Ahmed Alroky published an exploit for directory traversal
vulnerability in the SolarView Compact.
Ingredient Stock Management System Exploit #1 - Saud
Alenazi published an
exploit for an SQL injection vulnerability in the Ingredient Stock Management
System.
Ingredient Stock Management System Exploit #2 - Saud
Alenazi published an
exploit for an account takeover vulnerability in the Ingredient Stock Management
System.
For more details about these disclosures, including links to
3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-5-28
- subscription required.
Posts
No comments:
Post a Comment