Saturday, May 13, 2023

Review – Public ICS Disclosures – Week of 5-6-23 – Part 1

For Part 1 this week we have 34 vendor disclosures from Ads-Tec, Aruba, CONTEC, Fujitsu, HP (5), HPE (7), Insyde (2), Milestone (2), Palo Alto Networks (2), Rockwell (2), Tanzu (7), Texas Instruments, VMware, and WatchGuard.

Advisories

Ads-Tec Advisory - CERT-VDE published an advisory that discusses 18 vulnerabilities in the ads-tec IRF1000, IRF2000, and IRF3000 firewalls and routers.

Aruba Advisory - Aruba published an advisory that describes 13 vulnerabilities in their Access Points product.

CONTEC Advisory - JP-CERT published an advisory that describes five vulnerabilities in the CONTEC SolarView Compact product.

Fujitsu Advisory - Fujitsu published an advisory that discusses two vulnerabilities addressed in the 2023.2 INTEL Platform Update.

HP Advisory #1 - HP published an advisory that discusses 18 vulnerabilities in their products utilizing the AMD Client UEFI Firmware.

HP Advisory #2 - HP published an advisory that discusses four vulnerabilities in their products utilizing the Intel Virtual RAID on CPU.

HP Advisory #3 - HP published an advisory that discusses two vulnerabilities in their products utilizing the Intel 2023.2 IPU – BIOS.

HP Advisory #4 - HP published an advisory that discusses two vulnerabilities in their PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware.

HPE Advisory #1 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Proliant DX Servers.

HPE Advisory #2 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Apollo, XL Servers.

HPE Advisory #3 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Synergy Servers.

HPE Advisory #4 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their StoreEasy Servers.

HPE Advisory #5 - HPE published an advisory that discusses 15 vulnerabilities in their ProLiant Gen10 and Gen10 Plus Servers.

HPE Advisory #6 - HPE published an advisory that discusses two vulnerabilities in their ProLiant DL/ML Servers.

HPE Advisory #7 - HPE published an advisory that discusses an exposure of information to wrong sphere vulnerability in their Superdome Flex Servers.

Insyde Advisory #1 - Insyde published an advisory that discusses an unchecked return value vulnerability in their BIOS PNG decoder libs.

Insyde Advisory #2 - Insyde published an advisory that describes an insufficient input validation vulnerability in various Intel Mobile Platforms.

Milestone Advisory #1 - Milestone published an advisory that describes a remote code execution vulnerability in their Management Server.

Milestone Advisory #2 - Milestone published an advisory that describes a remote code execution vulnerability in their Event Server.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a file disclosure vulnerability in their PAN-OS. The vulnerability was reported by Alex Hordijk.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS software on Panorama appliances.

Rockwell Advisory #1 - Rockwell published an advisory that describes nine cross-site scripting vulnerabilities in their ArmorStart® ST 281E and 284EE products.

Rockwell Advisory #2 - Rockwell published an advisory that describes a cross-site request forgery vulnerability in their FactoryTalk Vantagepoint product.

Tanzu Advisory #1 - Tanzu published an advisory that discusses an out-of-bounds write vulnerability in multiple Tanzu products.

Tanzu Advisory #2 - Tanzu published an advisory that discusses an off-by-one error vulnerability in multiple Tanzu products.

Tanzu Advisory #3 - Tanzu published an advisory that discusses an off-by-one error vulnerability in multiple Tanzu products.

Tanzu Advisory #4 - Tanzu published an advisory that discusses four vulnerabilities in multiple Tanzu products.

Tanzu Advisory #5 - Tanzu published an advisory that discusses a use of cryptographically weak PRNG vulnerability in multiple Tanzu products.

Tanzu Advisory #6 - Tanzu published an advisory that discusses six vulnerabilities in multiple Tanzu products.

Tanzu Advisory #7 - Tanzu published an advisory that discusses two vulnerabilities in multiple Tanzu products.

Texas Instruments Advisory - Texas Instruments published an advisory that describes a missing logic check vulnerability in their Wi-SUN® Stack.

VMware Advisory - VMware published an advisory that describes four vulnerabilities in their Aria Operations product.

WatchGuard Advisory - WatchGuard published an advisory that describes an arbitrary file read vulnerability in their Fireware OS products.

 

For more details on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-ba5 - subscription required.
