For Part 2 this week we have five additional vendor disclosures from Schneider (4) and WAGO. We also have sixteen updates from Fanuc, HPE, Omron (2), Schneider (8), and Siemens (4). We have nine researcher reports for products from CCCERT (2), Robustel (6), and VMware.
Schneider Advisory #1 - Schneider published an advisory
that describes six vulnerabilities in their EcoStruxure™ Operator Terminal
Expert and Pro-face BLUE products.
Schneider Advisory #2 - Schneider published an
advisory that discusses two vulnerabilities (one with known exploit) in
their EcoStruxure Panel Server Box (PAS900).
Schneider Advisory #3 - Schneider published an
advisory that discusses two vulnerabilities in their SAGE RTU products.
Schneider Advisory #4 - Schneider published an
advisory that describes an improper input validation vulnerability in their
EcoStruxure™ Power Operation and Power SCADA Operation software.
WAGO Advisory - CERT-VDE published an advisory that
describes an uncontrolled resource consumption vulnerability in the FTP server
in WAGO 750 series controllers.
Fanuc Update - Fanuc published an update for their
ROBOGUIDE advisory that was originally published on
April 8th, 2022 and most
recently updated on June 29th, 2022.
HPE Update - HPE published an
update for their Integrated Lights-Out 5 advisory that was originally
published on September 15th, 2022.
Omron Update #1 - Omron published an
update for their NJ/NX-series Machine Automation Controllers advisory that
was originally
published on July 1st, 2022.
Omron Update #2 - Omron published an update
for their NJ/NX-series Machine Automation Controllers advisory that was originally
published on July 1st, 2022.
Schneider Update #1 - Schneider published an
update for their Log4Shell advisory.
Schneider Update #2 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 9th, 2022 and most recently updated on
September 6th, 2022.
Schneider Update #3 - Schneider published an
update for their EcoStruxure™ Control Expert advisory that was originally
published on August 9th, 2022 and most recently updated on
September 6th, 2022.
Schneider Update #4 - Schneider published an
update for their EcoStruxure™ Control Expert advisory that was originally
published on July 13th, 2021 and most recently updated on
September 6th, 2022.
Schneider Update #5 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 10th, 2021 and most recently updated on
September 6th, 2022.
Schneider Update #6 - Schneider published an
update for their BadAlloc advisory
that was originally
published on November 9th, 2021 and most
recently updated on September 13th, 2022.
Schneider Update #7 - Schneider published an
update for their Modicon Controllers advisory that was originally
published on September 26th, 2019 and most recently updated on
September 6th, 2022.
Schneider Update #8 - Schneider published an
update for their Embedded FTP Servers advisory that was originally
published on March 22nd, 2018 and most
recently updated on September 13th, 2022.
Siemens Update #1 - Siemens published an update
for their GNU/Linux subsystem advisory that was originally
published in 2018 and most
recently updated on September 13th, 2022.
Siemens Update #2 - Siemens published an update
for their Insyde BIOS advisory that was originally
published on February 22nd, 2022 and most
recently updated on August 9th, 2022.
Siemens Update #3 - Siemens published an update
for their SpringShell
advisory that was originally
published on April 19th, 2022 and most
recently updated on June 14th, 2022.
Siemens Update #4 - Siemens published an update
for their OpenSSL advisory that was originally
reported on July 13th, 2021 and most
recently updated on August 9th, 2022.
CCCERT Report #1 - BDU published a report of an open redirect
vulnerability in the CCCERT VINCE program.
CCCERT Report #2 - BDU published a report of an open redirect
vulnerability in the CCCERT VINCE program.
NOTE: The CCCERT VINCE program is the vulnerability reporting
program run by CCCERT and used by NCCIC-ICS.
Robustel Report #1 - TALOS published a
report discussing a command injection vulnerability in the Robustel
R1510 Lite Industrial IoT Gateway.
Robustel Report #2 - TALOS published a
report describing eleven denial of service vulnerabilities in the Robustel
R1510.
Robustel Report #3 - TALOS published a
report describing a firmware update vulnerability in the Robustel R1510.
The report contains proof-of-concept code.
Robustel Report #4 - TALOS published a
report describing a directory traversal vulnerability in the Robustel
R1510. The report contains proof-of-concept code.
Robustel Report #5 - TALOS published a
report discussing an OS command injection vulnerability in the Robustel
R1510.
Robustel Report #6 - TALOS published a
report discussing an OS command injection vulnerability in the Robustel
R1510. The report contains proof-of-concept code.
VMware Report - TALOS published a
report describing a deserialization of untrusted data vulnerability in the
VMware vCenter Server Platform Services.
For more details on these disclosures, including links to
3rd party advisories, researcher reports and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-8b0
- subscription required.