This week we have fourteen vendor disclosures from Bosch (2), Broadcom, GE Grid Solutions, HP, Meinberg, Milestone, Siemens, SonicWall, Tanzu, TRUMPF, WAGO (2), and Yokogawa Test and Measurement. We also have a vendor update from HPE. Finally, we have an exploit for products from Tanzu.
Bosch Advisory #1 - Bosch published an advisory that discusses an improper validation of integrity check value vulnerability in their Bosch DSA E2800 products.
Bosch Advisory #2 - Bosch published an advisory that describes two cross-site scripting vulnerabilities in their VIDEOJET multi 4000.
Broadcom Advisory - Broadcom published an advisory that discusses the Text4Shell vulnerability.
GE Grid Solutions Advisory - GE Grid Solutions published an advisory that describes vulnerabilities in their MS 3000 Transformers monitoring system.
HP Advisory - HP published an advisory that discusses a PCR measurement vulnerability in multiple HP products.
Meinberg Advisory - Meinberg published an advisory that discusses two vulnerabilities (both with publicly available exploits) in their LANTIME firmware.
Milestone Advisory - Milestone published an advisory that discusses an authentication bypass vulnerability in their Mobile Server.
Siemens Advisory - Siemens published an advisory that describes an authentication bypass vulnerability in their Siveillance Video Mobile Server.
SonicWall Advisory - SonicWall published an advisory that discusses the Text4Shell vulnerability.
Tanzu Advisory #1 - Tanzu published an advisory that describes an HTTP request forgery vulnerability in their Spring Data REST.
Tanzu Advisory #2 - Tanzu published an advisory that describes an information disclosure vulnerability in their Reactor Netty HTTP Server.
TRUMPF Advisory - CERT-VDE published an advisory that describes an improper access control vulnerability in multiple TRUMPF products.
WAGO Advisory #1 - CERT-VDE published an advisory that discusses fourteen vulnerabilities in the WAGO 750 series controllers and WAGO-I/O-PRO.
WAGO Advisory #2 - CERT-VDE published an advisory that describes an expected behavior violation vulnerability in multiple WAGO products.
Yokogawa Advisory - Yokogawa Test and Measurement published an advisory that describes a buffer overflow vulnerability in their WTViewerE.
HPE Update - HPE published an update for their ProLiant Servers advisory that was originally published on May 18th, 2022.
Tanzu Exploit - Ayan Saha published a Metasploit module for a code injection vulnerability in the Tanzu Spring Cloud Gateway.
For more details on these disclosures, including links to third-party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-1b0 - subscription required.