This week for Part 1 we have 20 vendor disclosures from ABB, Bentley, Cisco (5), CODESYS, Eurotech, GE Grid, Hitachi (2), Hitachi Energy (2), Insyde (3), and Moxa (3).
Part 2 will include a large number of vendor updates.
Advisories
ABB Advisory - ABB published an
advisory that discusses 16 vulnerabilities in their COM600 product.
Bentley Advisory - Bentley published an advisory that discusses
an out-of-bounds write vulnerability in their Seequent LeapFrog product.
Cisco Advisory #1 - Cisco published an
advisory that describes a policy bypass vulnerability in their Snort 3
detection engine.
Cisco Advisory #2 - Cisco published an
advisory that describes an SSL/TLS certificate handling vulnerability in
their Snort 3 Detection Engine.
Cisco Advisory #3 - Cisco published an
advisory that describes a memory allocation vulnerability in their Snort 3
Detection Engine.
Cisco Advisory #4 - Cisco published an
advisory that describes a policy bypass vulnerability in their Snort 3
detection engine.
Cisco Advisory #5 - Cisco published an
advisory that describes an IP geolocation bypass vulnerability in their Snort
3 detection engine.
CODESYS Advisory - CODESYS published an
advisory that discusses a heap-based buffer overflow vulnerability in a variety
of CODESYS V2 and V3 products.
Eurotech Advisory - Eurotech published an
advisory that discusses an unquoted search path or element vulnerability in
a number of Eurotech products.
GE Grid Advisory - GE published an
advisory for a vulnerability in their S1 Agile Engineering Tool Suite.
Hitachi Advisory #1 - Hitachi published an
advisory that discusses 21 vulnerabilities in their Disk Array Systems
products.
Hitachi Advisory #2 - Hitachi published an
advisory that discusses three vulnerabilities in their Cosminexus
Developer's Kit for Java and Hitachi Developer's Kit for Java.
Hitachi Energy Advisory #1 - Hitachi Energy published
an
advisory that describes three vulnerabilities in their eSOMS product.
Hitachi Energy Advisory #2 - Hitachi Energy published
an
advisory that describes two vulnerabilities in their MACH System software
product.
Insyde Advisory #1 - Insyde published an advisory that
describes a stack-based buffer overflow vulnerability in their AsfSecureBootDxe.
Insyde Advisory #2 - Insyde published an advisory that
describes an SMM memory corruption vulnerability in their CsmInt10HookSmm.
Insyde Advisory #3 - Insyde published an advisory that describes
an unsanitized arguments in SMI handler vulnerability in their IhisiServicesSmm.
Moxa Advisory #1 - Moxa published an
advisory that describes a classic buffer overflow vulnerability in their EDR-810/G902/G903
Series web server.
Moxa Advisory #2 - Moxa published an
advisory that describes the use of a broken or risky cryptographic
algorithm vulnerability in their NPort 6000 Series products.
Moxa Advisory #3 - Moxa published an
advisory that discusses seven vulnerabilities in their PT-G503 Series
products.
For more information on these advisories, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-10-e57 - subscription required.
Posts
No comments:
Post a Comment