This week we have 24 vendor disclosures from Festo, Hitachi (6), Hitachi Energy (3), Honeywell, Pilz, and QNAP (12).
Advisories
Festo Advisory - CERT-VDE published an advisory that
discusses 16 vulnerabilities in multiple Festo products.
Hitachi Advisory #1 - Hitachi published an
advisory that discusses seven undescribed vulnerabilities in their Cosminexus
Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java.
Hitachi Advisory #2 - Hitachi published an
advisory that discusses 11 vulnerabilities in their Ops Center Analyzer.
Hitachi Advisory #3 - Hitachi published an
advisory that discusses three vulnerabilities in their Ops Center
Administrator product, one of which is listed in the CISA Known Exploited
Vulnerabilities (KEV) catalog.
Hitachi Advisory #4 - Hitachi published an
advisory that describes an incorrect default permissions vulnerability in
their Hitachi Storage Plug-in for VMware vCenter.
Hitachi Advisory #5 - Hitachi published an
advisory that discusses four vulnerabilities in their Command Suite
products, one of which is listed in CISA’s KEV catalog.
Hitachi Advisory #6 - Hitachi published an
advisory that discusses 27 vulnerabilities in their Disk Array Systems
products.
Hitachi Energy Advisory #1 - Hitachi Energy published an
advisory that discusses an improper input validation vulnerability in their
TropOS core routers.
Hitachi Energy Advisory #2 - Hitachi Energy published an
advisory that discusses three vulnerabilities in their MSM Product.
Hitachi Energy Advisory #3 - Hitachi Energy published an
advisory that discusses nine vulnerabilities in their AFF660/665 series products.
Honeywell Advisory - Honeywell published an advisory
for two vulnerabilities in a number of their smartcard readers/cards.
Pilz Advisory - CERT-VDE published an advisory that
describes two cross-site scripting vulnerabilities in the Pilz PASvisu and PMI
v8xx products.
QNAP Advisory #1 - QNAP published an advisory
that describes two vulnerabilities in their Photo Station product. The
vulnerabilities were reported by lebr0nli.
QNAP Advisory #2 - QNAP published an advisory
that describes an unchecked return value vulnerability in their QTS and QuTS
hero products.
QNAP Advisory #3 - QNAP published an advisory
that discusses an improper validation of integrity check value vulnerability in
their QTS and QuTS hero products.
QNAP Advisory #4 - QNAP published an advisory
that describes two vulnerabilities in their QTS, QuTS hero, and QuTScloud
products.
QNAP Advisory #5 - QNAP published an advisory
that describes an OS command injection vulnerability in their QTS, QuTS hero,
and QuTScloud products.
QNAP Advisory #6 - QNAP published an advisory
that describes three vulnerabilities in their QTS, QuTS hero, and QuTScloud
products.
QNAP Advisory #7 - QNAP published an advisory
that describes three OS command injection vulnerabilities in their QTS, QuTS
hero and QuTScloud products.
QNAP Advisory #8 - QNAP published an advisory
that describes an OS command injection vulnerability in their QTS, QuTS hero
and QuTScloud products.
QNAP Advisory #9 - QNAP published an advisory
that describes an OS command injection vulnerability in their QTS, QuTS hero and
QuTScloud products.
QNAP Advisory #10 - QNAP published an advisory
that describes a classic buffer overflow vulnerability in their QTS, QuTS hero
and QuTScloud products.
QNAP Advisory #11 - QNAP published an advisory
that describes eight vulnerabilities in their QTS, QuTS hero and QuTScloud
products.
QNAP Advisory #12 - QNAP published an advisory
that describes an OS command injection vulnerability in their QTS, QuTS hero
and QuTScloud.
For more information about these disclosures, including
links to researcher reports, third-party advisories and exploits, see
my article at CFSN Detailed Analysis (subscription required):
https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-76f