This week we have one OpenSSL 3.0 vendor advisory from Eaton. There are fourteen other vendor advisories from Aruba Networks, Broadcom, Carrier, CODESYS, Festo (2), Hitachi, Honeywell (2), HPE, Moxa (2), Rockwell Automation, and VMware. We also have two vendor updates from ABB and HPE. There are also three researcher reports for products from Festo and Delta Electronics (2). Finally, we have an exploit for products from Belden.
OpenSSL 3.0 Advisories
Eaton published an OpenSSL 3.0 advisory. Eaton reports that none of their products are affected.
Vendor Advisories
Aruba Advisory - Aruba published an advisory that describes three broken access control vulnerabilities in their AirWave Management Platform.
Broadcom Advisory - Broadcom published an advisory that discusses two vulnerabilities in their Active Support Connectivity Gateway.
Carrier Advisory - Carrier published an advisory that discusses an improper authentication vulnerability in their LenelS2 OnGuard product.
CODESYS Advisory - CODESYS published an advisory that describes an inadequate encryption strength vulnerability in their V3 boot application.
Festo Advisory #1 - CERT-VDE published an advisory that discusses two vulnerabilities in multiple Festo products.
Festo Advisory #2 - CERT-VDE published an advisory that describes an insufficient technical documentation vulnerability in multiple Festo products.
Hitachi Advisory - Hitachi published an advisory that discusses 36 vulnerabilities in their Disk Array products.
Honeywell Advisory #1 - Honeywell published an end-of-life notice for their V-Plex Dual Tech Motion Sensor.
Honeywell Advisory #2 - Honeywell published an end-of-life notice for their Pro-Watch® 4.5 product effective May 31st, 2023.
HPE Advisory - HPE published an advisory that discusses five vulnerabilities in their UX Apache Web Server.
Moxa Advisory #1 - Moxa published an advisory that describes an improper input validation vulnerability in their Secure Router, EDR and TN Series.
Moxa Advisory #2 - Moxa published an advisory that describes an improper input validation vulnerability in their Secure Router, EDR and TN Series.
Rockwell Advisory - Rockwell published an advisory that describes a clear-text transmission of sensitive data vulnerability in their FactoryTalk LiveData Communication Module.
VMware Advisory - VMware published an advisory that describes a denial-of-service vulnerability in their Tools for Windows products.
Vendor Updates
ABB Update - ABB published an update for their Ability zenon, ZEE600, ZEE600C Log Server advisory that was originally published on July 26th, 2022.
HPE Update - HPE published an update for their OneView advisory that was originally published on July 20th, 2022.
Researcher Reports
OT:ICEFALL Report Update - Forescout’s Vedere Labs published an update for their OT:ICEFALL report identifying three new vulnerabilities.
Delta Report #1 - CyberDanube published a report describing two vulnerabilities in the Delta DX-2100-L1-CN. The report includes proof-of-concept code.
Delta Report #2 - CyberDanube published a report describing a command injection vulnerability in the Delta DVW-W02W2-E2.
Exploits
Belden Exploit - T Weber published an exploit for a command injection vulnerability in the Hirschmann (Belden) BAT-C2 8.8.1.0R8.
For more details about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-a4c - subscription required.