This week we have ten vendor disclosures from Aruba Networks, Aveva, Broadcom, Flexera, GE Grid Solutions, QNAP (2), Softing and WAGO (2). There are five vendor updates from B&R, Mitsubishi Electric, Palo Alto Networks, and Schneider (2). We also have a researcher report for products from Boeing. Finally, we have four exploits for products from Palo Alto Networks, FLIR (2), and Advantech.
Aruba Advisory - Aruba published an advisory
that describes a sensitive information disclosure vulnerability in their Virtual
Internet Access client for Windows.
Aveva Advisory - Aveva published an
advisory that describes six vulnerabilities in their Edge product (formerly
Indusoft Web Studio).
NOTE: Aveva reports that the vulnerabilities were coordinated
through ‘ICS-CERT’ and ZDI, so I expect that there will be an NCCIC-ICS advisory
next week.
Broadcom Advisory - Broadcom published an
advisory that discusses an OS command injection vulnerability in their
SANnav products.
Flexera Advisory - Revenera published an
advisory that discusses two vulnerabilities in their FlexNet Publisher.
GE Grid Advisory - GE published an
advisory for their Reason S20 product.
QNAP Advisory #1 - QNAP published an advisory
that discusses seven vulnerabilities in their NAS products.
QNAP Advisory #2 - QNAP published an advisory
that discusses five vulnerabilities in their NAS products.
Softing Advisory - Softing published an
advisory that discusses five vulnerabilities in their OPC UA .NET SDK
products.
WAGO Advisory #1 - CERT-VDE published an advisory that discusses
six vulnerabilities in multiple WAGO product families.
WAGO Advisory #2 - CERT-VDE published an advisory that discusses
four vulnerabilities in multiple WAGO product families.
B&R Update - B&R published an
update for their Project Upload advisory that was originally
published on January 20th, 2022.
Mitsubishi Update - Mitsubishi published an
update for their OpenSSL advisory that was originally
published on August 2nd, 2022.
Palo Alto Networks Update - Palo Alto Networks
published an
update for their PAN-OS advisory that was originally
published on August 10th, 2022.
Schneider Update #1 - Schneider published an
update for their OPC UA advisory that was originally
published on July 12th, 2022 and most
recently updated on August 9th, 2022.
Schneider Update #2 - Schneider published an
update for their APC Smart-UPS advisory that was originally
published on March 8th, 2022 and most
recently updated on July 12th, 2022.
Boeing Report - Pen Test Partners published a
report describing two vulnerabilities in the Boeing Onboard Performance
Tool (OPT).
Palo Alto Networks Exploit - UnD3sc0n0c1d0 published an exploit for an OS
command injection vulnerability in the Palo Alto PAN-OS.
FLIR Exploit #1 - Samy Younsi published an
exploit for a remote command execution vulnerability in the FLIR AX8 thermal
imaging camera.
FLIR Exploit #2 - Samy Younsi and Thomas Knudsen
published an
exploit for three vulnerabilities in the FLIR AX8 thermal imaging camera.
Advantech Exploit - Rgod, Shelby Pace, and Y4er
published a Metasploit
module for a command injection vulnerability in the Advantech iView
NetworkServlet.
For more details about these disclosures, including links to
3rd party advisories, researcher reports and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-8-13
- subscription required.