This week we have 29 vendor disclosures from Draeger, Festo, Flexera, GE Grid (19), HPE (3), Medtronic (2), Milestone, Moxa, Sick, and Siemens Healthineers. There are seven vendor updates from CODESYS, CONTEC, Fujitsu, HP (3), and HPE. There is also a researcher report for products from Carrier. Finally, we have two exploit reports for products from Korenix and Apache.
Draeger Advisory - Draeger published an advisory that discusses an endless loop vulnerability in their Clinical Assistance Package.
Festo Advisory - CERT-VDE published an advisory that describes four command injection vulnerabilities in the Festo controller CECC-X-M1 product family.
Flexera Advisory - Flexera published an advisory that discusses two vulnerabilities (one with known exploit) in their FlexNet Publisher.
GE Grid Solutions - GE Grid Solutions published 19 advisories for various products.
NOTE: Advisories are only available to registered owners.
HPE Advisory #1 - HPE published an advisory that discusses four vulnerabilities in their HP-UX Common Internet File System (CIFS) Client/Server software.
HPE Advisory #2 - HPE published an advisory that discusses a privilege escalation vulnerability in their Superdome Flex Servers.
HPE Advisory #3 - HPE published an advisory that discusses two vulnerabilities in their Superdome Flex Servers.
Medtronic Advisory #1 - Medtronic published an advisory that discusses a network amplification vulnerability (with known exploits) in their Covidien Valleylab™ FX8 energy platform.
Medtronic Advisory #2 - Medtronic published an advisory that discusses a network amplification vulnerability (with known exploits) in their Covidien Valleylab™ FT10 energy platform.
Milestone Advisory - Milestone published an advisory that describes a missing encryption vulnerability in their XProtect VMS.
Moxa Advisory - Moxa published an advisory that describes two out-of-bounds write vulnerabilities in their NPort 5110 Series products.
Sick Advisory - Sick published an advisory that discusses three vulnerabilities (one with known exploit) in their Package Analytics.
Siemens Healthineers Advisory - Siemens published an advisory that describes a deserialization of untrusted data vulnerability in their syngo imaging application used in multiple Healthineers products.
CODESYS Update - CODESYS published an update for their Control V3 configuration file advisory that was originally published on March 24th, 2022.
CONTEC Update - JP-CERT published an update for their CONTEC SolarView Compact advisory that was originally published on May 26th, 2022.
NOTE: I reported last week on an exploit for one of the added vulnerabilities.
Fujitsu Update - Fujitsu published an update for their FUJITSU Network IPCOM advisory that was originally published on May 19th, 2022 and most recently updated on June 3rd, 2022.
HP Update #1 - HP published an update for their BrakTooth advisory that was originally published on April 14th, 2022.
HP Update #2 - HP published an update for their IPU BIOS advisory that was originally published on November 9th, 2021 and most recently updated on April 6th, 2022.
HP Update #3 - HP published an update for their IPU BIOS advisory that was originally published on February 8th, 2022 and most recently updated on April 6th, 2022.
HPE Update - HPE published an update for their OneView advisory that was originally published on May 16th, 2022.
Carrier Report - Trellix published a report that describes eight vulnerabilities in the Carrier LenelS2 HID Mercury access control panels.
Korenix Exploit - T Weber published an exploit for a default backdoor vulnerability in the Korenix JetPort 5601 product.
NOTE: This vulnerability has also been reported in products from Westermo and Pepperl+Fuchs.
Apache Exploit - Vilius Povilaika published an exploit for a path traversal vulnerability in Apache 2.4.50.
For more details about these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6 - subscription required.