This week, for Part 1, we have 20 vendor disclosures from Broadcom
(8), Beckhoff, Bosch, GE Vernova (2), Hikvision, Hitachi Energy (2), HP (3), HPE,
and Omron.
Advisories
Broadcom Advisory #1 - Broadcom published an
advisory that discusses a function call with incorrect argument type
vulnerability in their SANnav product.
Broadcom Advisory #2 - Broadcom published an
advisory that discusses an integer overflow or wrap around vulnerability in
their SANnav product.
Broadcom Advisory #3 - Broadcom published an
advisory that discusses nine vulnerabilities (three with publicly available
exploits) in their Fabric OS, SANnav, and ASCG products.
Broadcom Advisory #4 - Broadcom published an
advisory that discusses an incorrect resource transfer between spheres
vulnerability in their SANnav product.
Broadcom Advisory #5 - Broadcom published an
advisory that discusses two vulnerabilities (one with publicly available
exploit) in their SANnav product.
Broadcom Advisory #6 - Broadcom published an
advisory that discusses an incomplete cleanup vulnerability in their SANnav
product.
Broadcom Advisory #7 - Broadcom published an
advisory that discusses three inadequately described vulnerabilities in
their SANnav product.
Broadcom Advisory #8 - Broadcom published an
advisory that discusses six vulnerabilities in their SANnav products.
Beckhoff Advisory - CERT-VDE published an advisory that describes
an OS command injection vulnerability in the Beckhoff TwinCAT Package Manager.
Bosch Advisory - Bosch published an
advisory that describes an uncontrolled resource consumption vulnerability in
the PROFINET stack implementation of the IndraDrive.
GE Vernova Advisory #1 - GE published an
advisory that discusses two vulnerabilities in Control Server installations
that use VMware vCenter Server.
GE Vernova Advisory #2 - GE published an
advisory that describes a side-channel key recovery vulnerability in YubiKeys
for customers using Xona devices and those using YubiKey authentication for
certain HMI deployments.
Hikvision Advisory - JP-CERT published an advisory that announces
firmware updates for multiple network cameras as a security enhancement,
changing how the cameras communicate with Dynamic DNS services to prevent
cleartext transmission.
Hitachi Energy Advisory #1 - Hitachi Energy published an
advisory that describes two vulnerabilities in their TRO600 series products.
Hitachi Energy Advisory #2 - Hitachi Energy published an
advisory that discusses two vulnerabilities (both with publicly available
exploits) in their MSM product web services.
HP Advisory #1 - HP published an
advisory that discusses the PixieFail vulnerabilities.
HP Advisory #2 - HP published an
advisory that discusses 353 vulnerabilities in their ThinPro product.
HP Advisory #3 - HP published an
advisory that describes an out-of-bounds write vulnerability in their Smart
Universal Printing Driver.
HPE Advisory - HPE published an advisory that discusses
the regreSSHion vulnerability.
Omron Advisory - Omron published an advisory that describes
an improper authorization vulnerability in their Sysmac Studio product.
For more information about these disclosures, including
links to third-party advisories, researcher reports and exploits, see my article
at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-25a
(subscription required).