This week we have eight vendor disclosures from Aruba Networks, Bosch, Festo, Genetec, HP, Omron, Sick, and VMware. There are eight vendor updates from BD (2), Cisco (3), HP, and HPE (2). There are two researcher reports for vulnerabilities in products from TEM. Finally, we have two exploits for products from Splunk and VMware.
Advisories
Aruba Advisory - Aruba published an
advisory that describes five vulnerabilities in their ClearPass Policy
Manager.
Bosch Advisory - Bosch published an
advisory that discusses an authentication bypass by capture replay
vulnerability in their Rexroth SLC-0-GPNT00300 product.
Festo Advisory - CERT-VDE published an advisory that
discusses an improper input validation vulnerability in the Festo TP 260 and
MES PC products.
Genetec Advisory - Genetec published an advisory that
discusses a command injection vulnerability in their Genetec A1610 and A1210
network door controllers.
HPE Advisory - HPE published an
advisory that describes a remote code execution vulnerability in their OneView
product.
Omron Advisory - Omron published an
advisory that describes a restriction of XML external entity reference
vulnerability in their CX Designer product.
Sick Advisory - Sick published an
advisory that describes an authentication bypass by capture-replay
vulnerability in their Flexi Soft Gateways.
VMware Advisory #1 - VMware published an
advisory that describes two vulnerabilities in their vCenter Server.
VMware Advisory #2 - VMware published an advisory that describes two vulnerabilities in their Tools product.
Updates
BD Update #1 - BD published an
update for their Busy Box advisory.
BD Update #2 - BD published an
update for their Linux Kernel Vulnerability within Wi-Fi Module in Alaris
PCU advisory.
Cisco Update #1 - Cisco published an
update for their IOS XE Software Web UI Command Injection advisory that was
originally published on March 24th, 2021.
Cisco Update #2 - Cisco published an
update for their HTTP/2 Rapid Reset Attack advisory that was originally
published on October 16th, 2023.
Cisco Update #3 - Cisco published an
update for their IOS XE Software Web UI Feature Attack advisory that was
originally published on October 16th, 2023.
HP Update - HP published an
update for their NVIDIA GPU Display Driver that was originally published on
September 11th, 2023.
HPE Update #1 - HPE published an
update for their Aruba AirWave Management Platform advisory that was
originally published on October 17th, 2023.
HPE Update #2 - HPE published an update for their NonStop advisory that was originally published on July 18th, 2022 and most recently updated on March 30th, 2023.
Researcher Reports
TEM Reports - Zero Science published two reports of individual vulnerabilities in the TEM Opera Plus FM Family Transmitter.
Exploits
Splunk Exploit - Heyder Andrade published a Metasploit module for a privilege escalation
vulnerability in Splunk.
VMware Exploit - SinSinology published an
exploit for a use of broken or risky cryptographic algorithm vulnerability
in the VMware Aria Operations for Networks program.
For more details about these disclosures, including links to 3rd party advisories and researcher reports as well as brief update summaries, see my article at CFSN Detailed analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-19b - subscription required.
Posts
No comments:
Post a Comment