Saturday, July 2, 2022

Review – Public ICS Disclosures – Week of 6-25-22 – Part 2

For Part 2 we have ten vendor updates for CODESYS (6), Dell, HP (3), and HPE. We have six researcher reports for products from Robustel (4), ExpressLRS, and Carel.

CODESYS Update #1 - CODESYS published an update for their Control V3 configuration file advisory that was that was originally published on March 24th, 2022, and most recently updated on June 10th, 2022.

CODESYS Update #2 - CODESYS published an update for their CODESYS communication protocol advisory that was originally published on March 24th, 2022 and most recently updated on April 6th, 2022

CODESYS Update #3 - CODESYS published an update for their Control V3 online user management advisory that was originally published on March 24th, 2022 and most recently updated on April 6th, 2022.

CODESYS Update #4 - CODESYS published an update for their V3 products containing a CODESYS communication server that was originally published on March 24th, 2022 and most recently updated on April 6th, 2022.

CODESYS Update #5 - CODESYS published an update for their V3 web server advisory that was originally published on March 24th, 2022 and most recently updated on April 6th, 2022.

CODESYS Update #6 - CODESYS published an update for their V3 products containing a CODESYS communication server advisory that was originally published on May 19th, 2022 and most recently updated on May 30th, 2022.

Dell Update - Dell published an update for their Wyse ThinOS advisory that was originally published on July 21st, 2021.

HP Update #1 - HP published an update for their Intel® Boot Guard and Intel® TXT Security advisory that was originally published on May 10th, 2022.

HP Update #2 - HP published an update for their Intel 2022.1 IPU BIOS advisory that was originally published on July 21st, 2021.

HP Update #3 - HP published an update for their AMD Client UEFI Firmware advisory that was originally published on July 21st, 2021.

HPE Update - HPE published an update for their HP-UX Using OpenSSL advisory that was originally published on May 19th, 2022.

Robustel Reports – Cisco Talos published four reports for ten vulnerabilities in the Robustel R1510 web server.

ExpressLRS Report - NCC Group published a report describing a discoverable binding phrase for radio linkages in the ExpressLRS radio control link.

Carel Report - Zero Science published a report describing a directory traversal vulnerability in the Carel pCOWeb HVAC BACnet Gateway.

 

For more details on these updates and reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-2ec  - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */