This week we have 15 vendor disclosures from Festo, Hitachi Energy (3), HPE, Medtronic, Red Lion, Ruckus, SEL, Sierra Wireless, Synology (2), WatchGuard, and Zyxel (2). There are nine vendor updates from Hitachi Energy (7), HPE, and VMware. There is also a researcher report describing vulnerabilities in products from SEL. Finally, we have two exploits for products from Loytec.
Advisories
Festo Advisory - CERT-VDE published an advisory that discusses
an out-of-bounds write vulnerability in multiple Festo products.
Hitachi Energy Advisory #1 - Hitachi Energy published
an
advisory that describes three vulnerabilities in their RTU500 series products.
Hitachi Energy Advisory #2 - Hitachi Energy published
an
advisory that discusses an off-by-one error vulnerability in their SDM600
series products.
Hitachi Energy Advisory #3 - Hitachi Energy published
an advisory
that describes an improper input validation vulnerability in their s Relion® 670/650/SAM600-IO
series products.
HPE Advisory - HPE published an
advisory that discusses two improper initialization vulnerabilities in
their Cray Servers and ProLiant DL/XL Servers.
Medtronic Advisory - Medtronic published an
advisory that discusses two vulnerabilities in their Mainspring Data
Express, and Vital Sync Virtual Patient Monitoring Platform products.
Red Lion Advisory - Red Lion published an
advisory that describes an improper neutralization of special elements
vulnerability in their Crimson 3.2 software.
Ruckus Advisory - Ruckus published an advisory
that describes a cross-site scripting vulnerability in multiple Ruckus
products.
SEL Advisory - SEL published a
cybersecurity notice for their Blueframe OS product.
Sierra Wireless Advisory - Sierra Wireless published an
advisory that describes eight vulnerabilities in their ALEOS, the operating
system used in certain Sierra Wireless AirLink Routers.
Synology Advisory #1 - Synology published an
advisory that describes an arbitrary code execution vulnerability in their Synology
Camera BC500 and Synology Camera TC500.
Synology Advisory #2 - Synology published an
advisory that describes a man-in-the-middle vulnerability in their Router
Manager.
WatchGuard Advisory - WatchGuard published an
advisory that discusses the heap
buffer overflow in libwebp WebP Codec vulnerability that is listed in the
CISA Known Exploited Vulnerabilities catalog.
Zyxel Advisory #1 - Zyxel published an
advisory that describes nine vulnerabilities in multiple Zyxel firewall and
access point (AP) products.
Zyxel Advisory #2 - Zyxel published an advisory that describes the six vulnerabilities in their NAS326 and NAS542 products.
Updates
Hitachi Energy Updates - Hitachi Energy published seven updates for the purpose of
rebranding the advisories from “Hitachi/ABB Power Grids” to “Hitachi Energy”.
HPE Update - HPE published an
update for their OneView advisory that was originally published on October
25th, 2023.
VMware Update - VMware published an update for their Cloud Director Appliance advisory that was originally published on November 14th, 2023.
Researcher Reports
SEL Report - Nozomi Networks published a report describing five vulnerabilities in the SEL-451 substation bay control device.
Exploits
Loytec Exploit #1 - Chizuru Toyama published an
exploit for three vulnerabilities in the Loytec LINX Configurator.
Loytec Exploit #2 - Chizuru Toyama published an
exploit for a four vulnerabilities in the Loytec LINX Configurator.
For more details about these disclosures, including links to
researcher reports, 3rd party advisories, and exploits, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-7e2
- subscription required.
Posts
No comments:
Post a Comment