This week we have 21 vendor disclosures from ABB (2), Aruba Networking, Belden (3), Bosch, Brocade (2), B&R, CODESYS, Fujitsu (3), Hitachi Energy (2), Honeywell, HPE, QNAP (2), and VMware. There is one researcher report for vulnerabilities in products from Advantech. Finally, we have two exploits for products from Western Digital and VMware.
Advisories
ABB Advisory #1 - ABB published an advisory that describes four vulnerabilities in their Ability™ zenon product.
ABB Advisory #2 - ABB published an advisory that describes an unquoted search path vulnerability in their AO-OPC product.
Aruba Advisory - Aruba published an advisory that describes four vulnerabilities in their Access Points products.
Belden Advisory #1 - Belden published an advisory that discusses a NULL pointer dereference vulnerability in their Hirschmann HiSecOS.
Belden Advisory #2 - Belden published an advisory that discusses a cross-site scripting vulnerability in their Eagle firewall products.
Belden Advisory #3 - Belden published an advisory that discusses four vulnerabilities in their Hirschmann HiSecOS.
Bosch Advisory - Bosch published an advisory that discusses 30 vulnerabilities in their PRA-ES8P2S Ethernet switches.
Broadcom Advisory #1 - Broadcom published an advisory that discusses a permission validation vulnerability in the BrocadeOS products.
Broadcom Advisory #2 - Broadcom published an advisory that discusses the MOVEit SQL injection vulnerability, which is on the CISA Known Exploited Vulnerabilities Catalog.
B&R Advisory - B&R published an advisory that describes an allocation of resources without limit or throttling vulnerability in the Portmapper service used in their Automation Runtime product.
CODESYS Advisory - CODESYS published an advisory that describes an exposure of resource to wrong sphere vulnerability in their Scripting addon.
Fujitsu Advisory #1 - Fujitsu published a notice about potential vulnerabilities being investigated based upon third-party advisories from Insyde.
Fujitsu Advisory #2 - JP CERT published an advisory that describes an authentication bypass vulnerability in the Fujitsu Si-R series and SR-M series network devices.
Fujitsu Advisory #3 - JP CERT published an advisory that describes a hard-coded credentials vulnerability in the Fujitsu IP Series Real-time Video Transmission Gear.
Hitachi Energy Advisory #1 - Hitachi published an advisory that discusses six vulnerabilities in their AFF66x Products. These are third-party vulnerabilities.
Hitachi Energy Advisory #2 - Hitachi published an advisory that describes two classic buffer overflow vulnerabilities in their RTU500 series product.
Honeywell Advisory - Honeywell published an end-of-life notice for their MAXPRO® VMS R600 and R630 / NVR6.0 & R6.3 products.
HPE Advisory - HPE published an advisory that describes a privilege escalation vulnerability in their Integrated Smart Update Tools (iSUT) for Windows.
QNAP Advisory #1 - QNAP published an advisory that discusses an OS command injection vulnerability in many of their products.
QNAP Advisory #2 - QNAP published an advisory that describes an insecure library loading vulnerability in their QVPN Device Client for Windows.
VMware Advisory - VMware published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Tanzu Application Service for VMs.
Reports
Advantech Report - Tenable published a report that describes an SQL injection vulnerability in the Advantech iView.
Exploits
Western Digital Exploit - Remco Vermeulen published a Metasploit module for two vulnerabilities in the Western Digital MyCloud product.
VMware Exploit - H00die published a Metasploit module for a command injection vulnerability in the VMware Aria Operations for Networks product.