This week we have 25 vendor disclosures from Bosch (2), FortiGuard (3), Fujitsu, GE Vernova, Hitachi (6), Honeywell, HP (4), Insyde, Korenix, Palo Alto Networks (3), Philips, and Phoenix Contact.
Advisories
Bosch Advisory #1 - Bosch published an
advisory that discusses seven vulnerabilities in multiple Bosch products.
Bosch Advisory #2 - Bosch published an
advisory that describes five vulnerabilities in their Remote Programming
Software.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes
an improper authentication vulnerability in their FortiOS products.
FortiGuard Advisory #2 - FortiGuard published an advisory that
describes an authentication bypass through user controlled key vulnerability in
their FortiOS and FortiProxy products.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes
two vulnerabilities in their FortiOS and FortiProxy products.
Fujitsu Advisory - Fujitsu published an
advisory that discusses 11 vulnerabilities in multiple Fujitsu products.
GE Vernova Advisory - GE Vernova published an
advisory that discusses four vulnerabilities (two listed in CISA’s Known
Exploited Vulnerabilities catalog) in multiple products.
Hitachi Advisory #1 - Hitachi published an
advisory that discusses an internal state disruption vulnerability in their
Cosminexus HTTP Server.
Hitachi Advisory #2 - Hitachi published an
advisory that describes an uncontrolled resource consumption vulnerability
in their Cosminexus HTTP Server.
Hitachi Advisory #3 - Hitachi published an
advisory that discusses an improper input validation vulnerability in their
Cosminexus HTTP Server.
Hitachi Advisory #4 - Hitachi published an
advisory that discusses the HTTP/2 Rapid Reset Attack (listed on CISA’s KEV
catalog) vulnerability in their Cosminexus HTTP Server.
Hitachi Advisory #5 - Hitachi published an
advisory that discusses an incomplete cleanup vulnerability in their Cosminexus
Component Container.
Hitachi Advisory #6 - Hitachi published an
advisory that describes an insertion of sensitive information into log file
vulnerability in their Cosminexus Component Container.
Honeywell Advisory - Honeywell published an
end-of-life notice for their e S3100 portfolio.
HP Advisory #1 - HP published an
advisory that describes a privilege escalation vulnerability in multiple HP
computers.
HP Advisory #2 - HP published an
advisory that discusses four vulnerabilities in multiple HP computers.
Insyde Advisory - Insyde published an advisory that describes
a UEFI variable modification vulnerability in their H2OFFT, H2OUVE, and H2OOAE
products.
Korenix Advisory - INCIBE-CERT published an
advisory that describes an exposure of sensitive information to an
unauthorized actor vulnerability in the Korenix JetI/O 6550 F208 product.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an
advisory that describes an improper privilege management vulnerability in
their PAN-OS product.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an
advisory that describes an improper privilege management vulnerability in
their GlobalProtect App.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an
advisory that describes an improper privilege management vulnerability in
their GlobalProtect App.
Philips Advisory - Philips published an advisory that discusses
two use-after-free vulnerabilities in the Imaging Data Commons libdicom.
Phoenix Contact Advisory - Phoenix Contact published an
advisory that describes 13 vulnerabilities in their CHARX SEC-3xxx charge controllers.
For more information on these advisories, including links to
3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-c78
3-16-24 - subscription required.