This week we have 17 vendor disclosures from Aruba Networks, Broadcom, CODESYS, FortiGuard, GE Gas Power, Helmholz, HPE (2), Inductive Automation, Moxa (2), Palo Alto Networks, Red Lion, Rockwell, Ruckus Wireless, Wibu, and Zyxel.
Advisories
Aruba Advisory - Aruba published an
advisory that describes two vulnerabilities in their Virtual Intranet Access
(VIA) Windows Client.
Broadcom Advisory - Broadcom published an
advisory that discusses a type confusion vulnerability in their Brocade
Fabric OS product.
CODESYS Advisory - CODESYS published an
advisory that discusses a heap-based buffer overflow vulnerability in multiple
products.
FortiGuard Advisory - FortiGuard published an advisory that describes
a stack-based buffer overflow vulnerability in their FortiOS product.
GE Gas Power - GE published an
advisory that discusses a heap-based buffer overflow vulnerability in their
CIMPLICITY product.
Helmholz Advisory - CERT-VDE published an advisory that discusses
a cross-site scripting vulnerability in their REX 200 and REX 250 products.
HPE Advisory #1 - HPE published an
advisory that discusses 13 vulnerabilities in their HP-UX Web Server Suite
Software.
HPE Advisory #2 - HPE published an
advisory that discusses two vulnerabilities in their SimpliVity Servers.
Inductive Automation Advisory - Inductive Automation
published an
advisory that describes six vulnerabilities in their Ignition product.
Moxa Advisory #1 - Moxa published an
advisory that describes a use of hard-coded credentials vulnerability in
their NPort IAW5000A-I/O Series.
Moxa Advisory #2 - Moxa published an
advisory that describes eight vulnerabilities in their TN-5900 and TN-4900
Series Web Server.
Palo Alto Networks Advisory - Palo Alto Networks
published an
advisory that discusses the TunnelCrack
vulnerabilities.
Red Lion Europe Advisory - CERT-VDE published an advisory that describes
a cross-site scripting vulnerability in the Red Lion mbNET and mbNET/.rokey.
Rockwell Advisory - Rockwell published an
advisory that describes three improper input validation vulnerabilities in
their ThinManager ThinServer product.
Ruckus Advisory - Ruckus published an advisory
that describes three cross-site scripting vulnerabilities in their ICX product
line.
Wibu Advisory - Wibu published an
advisory that describes a heap-based buffer overflow vulnerability in their
CodeMeter Runtime product.
Zyxel Advisory #1 - Zyxel published an advisory that describes an improper handling of
exceptions vulnerability in their XGS2220, XMG1930, and XS1930 series switches.
Zyxel Advisory #2 - Zyxel published an
advisory that describes an OS command injection vulnerability in their NBG6604
home router.
For more information about the disclosures, including links
to 3rd party advisories, researcher reports, and exploits, see my
article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-810
- subscription required.