This is another busy second-Tuesday disclosure week. For Part 1 we have 23 vendor disclosures from ABB, AUMA, Genetec, Hitachi Energy, HP (2), HPE (6), OPC UA (5), PROSYS OPC, QNAP, Tanzu, TI, and VMware (2).
ABB Advisory - ABB published an advisory that describes five privilege escalation vulnerabilities in their Automation Builder, Drive Composer and Mint WorkBench products.
AUMA Advisory - CERT-VDE published an advisory that discusses a classic buffer overflow vulnerability in the AUMA SIMA² Master Station.
Genetec Advisory - Genetec published an advisory that discusses the recently reported vulnerabilities in HID Mercury controllers.
Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses an insecure method vulnerability in their PROMOD IV product.
HP Advisory #1 - HP published an advisory that discusses four information disclosure vulnerabilities in multiple HP products.
HP Advisory #2 - HP published an advisory that discusses an improper input validation vulnerability in multiple notebook products.
HPE Advisory #1 - HPE published an advisory that discusses four information disclosure vulnerabilities in their Synergy Servers.
HPE Advisory #2 - HPE published an advisory that discusses four information disclosure vulnerabilities in their Storage Products.
HPE Advisory #3 - HPE published an advisory that discusses four information disclosure vulnerabilities in their ProLiant DX Servers.
HPE Advisory #4 - HPE published an advisory that discusses four information disclosure vulnerabilities in their Moonshot/Edgeline Servers.
HPE Advisory #5 - HPE published an advisory that discusses four information disclosure vulnerabilities in their Superdome Flex Servers.
HPE Advisory #6 - HPE published an advisory that discusses four information disclosure vulnerabilities in their ProLiant BL/DL/ML/XL/MicroServer and Apollo Servers.
OPC UA Advisory #1 - OPC UA published an advisory that describes an uncontrolled resource consumption vulnerability in their .NET Standard Stack.
OPC UA Advisory #2 - OPC UA published an advisory that describes an incorrect implementation of authentication algorithm vulnerability in their .NET Standard Stack.
OPC UA Advisory #3 - OPC UA published an advisory that describes an uncontrolled resource consumption vulnerability in their .NET Standard Stack.
OPC UA Advisory #4 - OPC UA published an advisory that describes a memory allocation with excessive size value vulnerability in their .NET Standard Stack.
OPC UA Advisory #5 - OPC UA published an advisory that describes an infinite loop vulnerability in their .NET Standard Stack.
PROSYS OPC Advisory - PROSYS published an advisory that discusses a security feature bypass vulnerability (with publicly available exploit) in their OPC products.
QNAP Advisory - QNAP published an advisory that discusses a ransomware campaign that appears to target QNAP NAS devices running outdated versions of QTS 4.x.
Tanzu Advisory - Tanzu published an advisory that describes a denial of service vulnerability in their Spring Cloud product.
TI Advisory - TI published an advisory that describes missing ECC input validations on CC1310 and CC1350 devices.
VMware Advisory #1 - VMware published an advisory that describes an information disclosure vulnerability in their HCX product.
VMware Advisory #2 - VMware published an advisory that discusses four information disclosure vulnerabilities in their ESXi product.
For more details about these disclosures, including links to researcher reports, 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-446 - subscription required.