For part 2 we have twelve additional vendor disclosures from Rockwell Automation (3), Schneider (2), Sick, VMware (4), Weidmueller, and Wiesemann & Theis. We also have seven vendor updates from CODESYS (3), Dell, HPE, Mitsubishi, and Omron. Finally, we have one researcher report for products from VMware.
Vendor Disclosures
Rockwell Advisory #1 - Rockwell published an
advisory that describes a denial of service vulnerability in their MicroLogix
1100 & 1400 Product Web Server application.
Rockwell Advisory #2 - Rockwell published an
advisory that describes a cross-site scripting vulnerability in their MicroLogix
1100 & 1400 Web Server application.
Rockwell Advisory #3 - Rockwell published an
advisory that describes a denial of service vulnerability in their GuardLogix
and ControlLogix controllers.
Schneider Advisory #1 - Schneider published an
advisory that describes an improper authorization vulnerability in their EcoStruxure
Power Commission.
Schneider Advisory #2 - Schneider published an
advisory that discusses an out-of-bounds write vulnerability in their Saitel
DR RTU (Remote Terminal Unit).
Sick Advisory - Sick published an
advisory that describes four vulnerabilities in the SICK RFU6xx RADIO
FREQUEN. SENSOR 1.
VMware Advisory #1 - VMware published an
advisory that describes two vulnerabilities in their vRealize Network
Insight (vRNI) product.
VMware Advisory #2 - VMware published an
advisory that describes two vulnerabilities in their Workspace ONE Access
and Identity Manager.
VMware Advisory #3 - VMware published an
advisory that describes a heap-based write vulnerability in their ESXi,
Workstation, and Fusion products.
VMware Advisory #4 - VMware published an
advisory that describes two vulnerabilities in their vRealize Operations
product.
Weidmueller Advisory - CERT-VDE published an advisory that
describes a JavaScript injection vulnerability in the Weidmueller XML editing
system SCHEMA ST4 online help.
Wiesemann & Theis Advisory - CERT-VDE published an advisory that describes an authentication bypass by spoofing vulnerability in multiple Wiesemann & Theis products.
Vendor Updates
CODESYS Update #1 - CODESYS published an update for
their Control V3 communication server advisory that was originally published on
November 22nd, 2022.
CODESYS Update #2 - CODESYS published an
update for their V3 boot application advisory that was originally
published on November 23rd, 2022.
CODESYS Update #3 - CODESYS published an
update for their V2 password transport advisory that was originally
published on June 9th, 2022 and most
recently updated on October 6th, 2022.
CODESYS Update #4 - CODESYS published an
update for their V2 and V3 runtime systems advisory that was originally
published on March 22nd, 2018 and most recently updated on July 9th,
2018.
Dell Update - Dell published an update for their Log4Shell advisory.
HPE Update - HPE published an
update for their NonStop advisory that was originally
published on July 18th, 2022.
Mitsubishi Update - Mitsubishi published an
update for their GENESIS64™ and MC Works64 advisory that was originally
published on July 19th, 2022 and most
recently updated on September 30th, 2022.
Omron Update - JP-CERT published an update for their OMRON CX-Programmer advisory that was originally published on November 25th, 2022.
Researcher Report
VMware Report - Cisco Talos published a
report describing a denial-of-service vulnerability in the VMware vCenter
Server Content Library.
For additional information on these disclosures, including links
to third-party advisories, exploits, and a brief summary of changes made, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-720
- subscription required.