This week in Part 1 we have 80 vendor advisories from Aruba Networks, BD, Broadcom (45), CODESYS (5), Fujitsu, GE Gas Power, HP, HPE, Omron (3), Schweitzer Engineering Laboratories, Setelsa Security, Splunk, Tanzu (16), WAGO (2), and VMware.
For Part 2 I will look at vendor updates and researcher reports.
Advisories
Aruba Advisory - Aruba published an advisory that describes a command injection vulnerability in their CX Switches.
BD Advisory - BD published an advisory that discusses an incorrect authorization vulnerability in multiple products.
Broadcom Advisories - Broadcom published 45 advisories for third-party vulnerabilities in a variety of their products.
CODESYS Advisory #1 - CODESYS published an advisory that describes an improper restriction of excessive authentication attempts vulnerability in their Development System product.
CODESYS Advisory #2 - CODESYS published an advisory that describes an insufficient verification of data authenticity vulnerability in their Development System product.
CODESYS Advisory #3 - CODESYS published an advisory that describes an uncontrolled search path vulnerability in their Development System product.
CODESYS Advisory #4 - CODESYS published an advisory that describes 15 vulnerabilities in their Control V3 runtime systems products.
CODESYS Advisory #5 - CODESYS published an advisory that describes two vulnerabilities in their Control V3 runtime system products.
Fujitsu Advisory - Fujitsu published an advisory that describes an improper credential storage vulnerability in their Software Infrastructure Manager product.
GE Advisory - GE published an advisory that discusses a FortiOS stack-based buffer overflow vulnerability.
HP Advisory - HP published an advisory that describes an elevation of privilege vulnerability in some HP and Samsung Printer software packages.
HPE Advisory - HPE published an advisory that discusses 48 vulnerabilities in their Fibre Channel and SAN Switches.
Omron Advisory #1 - Omron published an advisory that describes three vulnerabilities in their CX-Programmer product.
Omron Advisory #2 - Omron published an advisory that describes an improper validation of specified type of input vulnerability in their CJ Series CJ2 CPU units.
Omron Advisory #3 - Omron published an advisory that discusses the INFRA:HALT vulnerabilities in their Multi-function Compact Inverter 3G3MX2.
SEL Advisory - SEL published an advisory that announces that a new version of their Synchrowave Linux Platform is available to fix an undescribed vulnerability by closing Port 10250 on k3s.
Setelsa Advisory - Incibe-CERT published an advisory that describes an SQL injection vulnerability in the Setelsa ConacWin access control platform.
Splunk Advisory - Splunk published an advisory that describes a log injection vulnerability in their SOAR product.
Tanzu Advisories - Tanzu published 16 advisories, each with multiple vulnerabilities in various products.
WAGO Advisory #1 - VDE-CERT published an advisory that discusses an authentication bypass by capture replay vulnerability in the WAGO 758-918 ETHERNET Gateways.
WAGO Advisory #2 - VDE-CERT published an advisory that discusses 15 vulnerabilities in multiple WAGO products.
VMware Advisory - VMware published an advisory that describes two vulnerabilities in their Horizon Server.
For more details on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-4fa - subscription required.