This week we have 12 vendor disclosures from Broadcom, Dahua, Hitachi (4), HP, HPE, Insyde, SonicWall, Three R Solutions, and VMware. There are two vendor updates from Palo Alto Networks and Synology. We also have two researcher reports that describe vulnerabilities in products from Synology and Korenix.
Advisories
Broadcom Advisory - Broadcom published an advisory that discusses an out-of-bounds write vulnerability, listed in the CISA Known Exploited Vulnerabilities Catalog, in multiple Brocade products.
Dahua Advisory - JP-CERT published an advisory that describes an authentication bypass vulnerability in multiple Dahua products.
Hitachi Advisory #1 - Hitachi published an advisory that describes two vulnerabilities in their Device Manager.
Hitachi Advisory #2 - Hitachi published an advisory that discusses an allocation of resources without throttling or limits vulnerability in their Tuning Manager product.
Hitachi Advisory #3 - Hitachi published an advisory that discusses an out-of-bounds write vulnerability in multiple Hitachi products.
Hitachi Advisory #4 - Hitachi published an advisory that describes an incorrect default permissions vulnerability in their Tuning Manager product.
HP Advisory - HP published an advisory that discusses seven vulnerabilities in multiple HP products.
HPE Advisory - HPE published an advisory that discusses eight vulnerabilities in their HP-UX Apache Web Server products.
Insyde Advisory - Insyde published an advisory that discusses nine vulnerabilities in their EDK2 NetworkPkg IP stack.
SonicWall Advisory - SonicWall published an advisory that describes a stack-based buffer overflow vulnerability in their Capture Client and NetExtender Client Windows products.
Three R Solutions Advisory - JP-CERT published an advisory that describes an insufficient technical documentation vulnerability in the Three R Solutions Thermal camera TMC series products.
VMware Advisory - VMware published an advisory that describes a missing access control vulnerability in their Aria Automation products.
Updates
Palo Alto Networks Update - Palo Alto Networks published an update for their Terrapin-Attack vulnerability that was originally published on January 8th, 2024.
Synology Update - Synology published an update for their DiskStation Manager advisory that was originally published on January 9th, 2024.
Researcher Reports
Synology Report - Claroty published a report describing an inadequate data validation vulnerability in the Synology RT6600ax routers.
Korenix Report - CyberDanube published a report describing two vulnerabilities in the Korenix JetNet Series industrial switch.
For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-7a6 - subscription required.
1 comment:
In the "Week of 6-13-24" section, the URL to the Broadcom advisory https://support.broadcom.com/external/content/SecurityAdvisories/0/22987 is probably not the right one. If you open that one, an advisory opens, but it states that "No Brocade Fibre Channel Products from Broadcom Products are known to be affected by this vulnerability," so it is also unlikely to be in the CISA KEV list.