This week we have vendor disclosures from B&R Automation, Buffalo, Hima, Hitachi, HP (7), HPE (5), Palo Alto Networks (6), Philips, and QNAP.
Part 2 will include looks at advisories and updates from Schneider, Siemens, and VMware, along with two control system exploits.
Advisories
B&R Advisory - B&R published an advisory that discusses the Terrapin-Attack vulnerability.
Buffalo Advisory - JP-CERT published an advisory that describes three vulnerabilities in multiple Buffalo network devices.
Hima Advisory - CERT-VDE published an advisory that describes two vulnerabilities in multiple Hima products.
Hitachi Advisory - Hitachi published an advisory that discusses 17 vulnerabilities in their Disk Array products.
HP Advisory #1 - HP published an advisory that discusses an improper access control vulnerability in their Thunderbolt docking stations.
HP Advisory #2 - HP published an advisory that describes a privilege escalation vulnerability in their Workstation products.
HP Advisory #3 - HP published an advisory that discusses four vulnerabilities in their Workstation products.
HP Advisory #4 - HP published an advisory that describes two physical bypass of security measures vulnerabilities in their Desktop PC and workstation products.
HP Advisory #5 - HP published an advisory that discusses an improper access control vulnerability in their desktop computers.
HP Advisory #6 - HP published an advisory that discusses ten vulnerabilities in multiple HP product lines.
HP Advisory #7 - HP published an advisory that discusses 20 vulnerabilities in multiple product lines.
HPE Advisory #1 - HPE published an advisory that discusses the Terrapin-Attack vulnerability.
HPE Advisory #2 - HPE published an advisory that discusses two vulnerabilities in their ProLiant Servers.
HPE Advisory #3 - HPE published an advisory that discusses two improper access control vulnerabilities in HPE ProLiant AMD Servers.
HPE Advisory #4 - HPE published an advisory that discusses the PixieFail vulnerabilities.
HPE Advisory #5 - HPE published an advisory that discusses a "sequence of processor instructions leads to unexpected behavior" vulnerability in their SimpliVity Servers.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes an insufficient session expiration vulnerability in their PAN-OS web interface.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an improper verification of source of communication channel vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that discusses 38 vulnerabilities.
Philips Advisory - Philips published an advisory that discusses four recently reported vulnerabilities in Ivanti Connect Secure and Policy Secure.
QNAP Advisory - QNAP published an advisory that describes two vulnerabilities in their QTS, QuTS hero and QuTScloud.
For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-a49 - subscription required.