This week for Part 1 we have 20 vendor disclosures from B&R, Broadcom, FortiGuard (3), HP, HPE (3), Insyde, Palo Alto Networks (8), Pepperl+Fuchs, Philips, and Rockwell.
Advisories
B&R Advisory - B&R published an advisory that discusses five vulnerabilities (one with known exploit) in their APROL product.
Broadcom Advisory - Broadcom published an advisory that discusses the XZ Utils Data vulnerability.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their FortiOS product.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes a use of externally controlled format string vulnerability in their FortiOS product.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes an insufficiently protected credentials vulnerability in their FortiOS and FortiProxy products.
HP Advisory - HP published an advisory that discusses 84 vulnerabilities in their ThinPro products. These are third-party vulnerabilities.
HPE Advisory #1 - HPE published an advisory that describes a cross-site request forgery in their OfficeConnect switches.
HPE Advisory #2 - HPE published an advisory that describes an authentication bypass vulnerability in their FlexFabric and FlexNetwork switches.
HPE Advisory #3 - HPE published an advisory that discusses eleven vulnerabilities {one listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog} in their Unified Correlation Analyzer.
Insyde Advisory - Insyde published an advisory that describes an out-of-bounds write vulnerability in their PnpSmm application.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses eleven vulnerabilities (one with known exploit) in their PAN-OS product.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes an incorrect authorization vulnerability in their GlobalProtect SSL VPN.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an inadequate encryption strength vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an interpretation conflict vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes an interpretation conflict vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that describes an allocation of resources without limit or throttling vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #7 - Palo Alto Networks published an advisory that describes a NULL pointer dereference vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #8 - Palo Alto Networks published an advisory that describes an improper ownership management vulnerability in their PAN-OS product.
Pepperl+Fuchs Advisory - CERT-VDE published an advisory that discusses eight vulnerabilities (including three with known exploits) in the Pepperl+Fuchs ICES2 and ICES3 products.
Philips Advisory - Philips published an advisory that discusses the Terrapin Attack vulnerability.
Rockwell Advisory - Rockwell published an advisory that describes an invalid header value vulnerability in their ControlLogix and GuardLogix products.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-3bc - subscription required.