For Part 2 this week we have three additional vendor disclosures from FileWave, OPC Labs, and Unified Automation. We also have nine vendor updates from CODESYS, HP, Mitsubishi (3), VMware, and Yokogawa (3). We also have four researcher reports for products from DD-WRT, Asuswrt, FreshTomato, and Nuki. Finally, we have two exploits for products from Dingtian and Roxy-WI.
FileWave Advisory - FileWave published a blog post that describes two vulnerabilities in their FileWave Management Suite.
OPC Labs Advisory - OPC Labs published an advisory that describes a deserialization of untrusted data vulnerability in their QuickOPC Connectivity Explorer.
Unified Automation Advisory - Incibe CERT published an advisory that describes two vulnerabilities in Unified Automation's OPC UA C++ Demo Server.
CODESYS Update - CODESYS published an update for their Development System V3 advisory that was originally published on July 15th, 2021 and most recently updated on June 3rd, 2022.
HP Update - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on June 2nd, 2022 and most recently updated on June 23rd, 2022.
Mitsubishi Update #1 - Mitsubishi published an update for their Multiple FA Products advisory that was originally published on July 30th, 2020 and most recently updated on May 27th, 2021.
NOTE: NCCIC-ICS did not update their advisory (ICSA-20-212-03) for this information.
Mitsubishi Update #2 - Mitsubishi published an update for their Multiple FA Engineering Software Products advisory that was originally published on February 18th, 2021 and most recently updated on May 24th, 2022.
NOTE: NCCIC-ICS did not update their advisory (ICSA-21-049-02) for this information.
Mitsubishi Update #3 - Mitsubishi published an update for their Multiple FA Engineering Software Products advisory that was originally published on July 30th, 2020 and most recently updated on May 24th, 2022.
NOTE: NCCIC-ICS did not update their advisory (ICSA-20-212-04) for this information.
VMware Update - VMware published an update for their vCenter Server advisory that was originally published on July 12th, 2022.
Yokogawa Update #1 - Yokogawa published an update for their Wide Area Communication Router advisory that was originally published on June 30th, 2022.
NOTE: NCCIC-ICS did not need to update their advisory (ICSA-22-181-02) for this information.
Yokogawa Update #2 - Yokogawa published an update for their CAMS for HIS advisory that was originally published on May 27th, 2022.
Yokogawa Update #3 - Yokogawa published an update for their OT:ICEFALL advisory that was originally published on June 21st, 2022. The new information includes adding a fix for FCN/FCJ basic software.
NOTE: NCCIC-ICS did not update their advisory (ICSA-22-174-01) for this new information.
DD-WRT Report - Talos published a report that describes a memory corruption vulnerability in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599.
Asuswrt Report - Talos published a report that describes a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.
FreshTomato Report - Talos published a report that describes a memory corruption vulnerability in the httpd unescape functionality of FreshTomato 2022.1.
Nuki Report - NCC Group published a report that describes nine vulnerabilities in the Nuki smart locks.
Dingtian Exploit - Victor Hanna published an exploit for an authentication bypass vulnerability in the Dingtian-DT-R002 2Channel relay board.
Roxy-WI Exploit - Nuri Cilengir published a Metasploit module for a command injection vulnerability in the Roxy-WI web interface.
For more information on these disclosures, including summaries of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-7-23-9aa - subscription required.