Saturday, April 13, 2024

Review - Public ICS Disclosures – Week of 4-6-24 – Part 1

This week for Part 1 we have 20 vendor disclosures from B&R, Broadcom, FortiGuard (3), HP, HPE (3), Insyde, Palo Alto Networks (8), Pepperl+Fuchs, Philips, and Rockwell.

Advisories

B&R Advisory - B&R published an advisory that discusses five vulnerabilities (one with known exploit) in their APROL product.

Broadcom Advisory - Broadcom published an advisory that discusses the XZ Utils Data vulnerability.

FortiGuard Advisory #1 - FortiGuard published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their FortiOS product.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes a use of externally controlled format string vulnerability in their FortiOS product.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes an insufficiently protected credentials vulnerability in their FortiOS and FortiProxy products.

HP Advisory - HP published an advisory that discusses 84 vulnerabilities in their ThinPro products. These are third-party vulnerabilities.

HPE Advisory #1 - HPE published an advisory that describes a cross-site request forgery vulnerability in their OfficeConnect switches.

HPE Advisory #2 - HPE published an advisory that describes an authentication bypass vulnerability in their FlexFabric and FlexNetwork switches.

HPE Advisory #3 - HPE published an advisory that discusses eleven vulnerabilities (one listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog) in their Unified Correlation Analyzer.

Insyde Advisory - Insyde published an advisory that describes an out-of-bounds write vulnerability in their PnpSmm application.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses eleven vulnerabilities (one with known exploit) in their PAN-OS product.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes an incorrect authorization vulnerability in their GlobalProtect SSL VPN.

Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an inadequate encryption strength vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an interpretation conflict vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes an interpretation conflict vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that describes an allocation of resources without limit or throttling vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #7 - Palo Alto Networks published an advisory that describes a NULL pointer dereference vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #8 - Palo Alto Networks published an advisory that describes an improper ownership management vulnerability in their PAN-OS product.

Pepperl+Fuchs Advisory - CERT-VDE published an advisory that discusses eight vulnerabilities (including three with known exploits) in the Pepperl+Fuchs ICES2 and ICES3 products.

Philips Advisory - Philips published an advisory that discusses the Terrapin Attack vulnerability.

Rockwell Advisory - Rockwell published an advisory that describes an invalid header value vulnerability in their ControlLogix and GuardLogix products.

For more information on these disclosures, including links to third-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-3bc - subscription required.
