For Part 2, we have eight additional vendor disclosures from Philips, Phoenix Contact, SEL, Siemens (2), and Wireshark (3). There are also 25 updates for products from B&R, HPE, and Siemens (23). Finally, we have a researcher report for vulnerabilities in products from Sante.
Advisories
Philips Advisory - Philips published an advisory that discusses two vulnerabilities from F5 BIG-IP (CVE-2024-21793 and CVE-2024-26026).
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes five vulnerabilities in their CHARX SEC charge controllers.
SEL Advisory - SEL published an advisory that announces a new version of their SEL-5037 SEL Grid Configurator that includes an improved cipher strength for installer certificate generation.
Siemens Advisory #1 - Siemens published an advisory that describes an out-of-bounds write vulnerability in their Parasolid product.
Siemens Advisory #2 - Siemens published an advisory that describes an out-of-bounds write vulnerability in their Tecnomatix Plant Simulation product.
Wireshark Advisory #1 - Wireshark published an advisory that describes an infinite loop vulnerability in their MONGO and ZigBee TLV dissectors.
Wireshark Advisory #2 - Wireshark published an advisory that describes a mismatched memory management routines vulnerability in their Editcap product.
Wireshark Advisory #3 - Wireshark published an advisory that describes a use-after-free vulnerability in their Editcap product.
Updates
B&R Update - B&R published an update for their Automation Studio advisory that was originally published on October 29th, 2021.
HPE Update - HPE published an update for their ProLiant DL/DX/ML/SY/RL/XL/Edgeline Servers advisory that was originally published on April 2nd, 2024, and most recently updated on April 18th, 2024.
Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12th, 2023 and most recently updated on February 13th, 2024.
Siemens Update #2 - Siemens published an update for their SIMATIC STEP advisory that was originally published on June 13th, 2023 and most recently updated on March 12th, 2024.
Siemens Update #3 - Siemens published an update for their APOGEE, TALON and Desigo PXC/PXM advisory that was originally published on October 11th, 2022.
Siemens Update #4 - Siemens published an update for their Polarion ALM advisory that was originally published on February 13th, 2024 and March 12th, 2024.
Siemens Update #5 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12th, 2024, and most recently updated on April 9th, 2024.
Siemens Update #6 - Siemens published an update for their OpenSSL (CVE-2022-0778) advisory that was originally published on June 14th, 2022 and most recently updated on April 9th, 2024.
Siemens Update #7 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023 and most recently updated on April 9th, 2024.
Siemens Update #8 - Siemens published an update for their OPC Foundation Local Discovery Server advisory that was originally published on April 11th, 2023 and most recently updated on April 9th, 2024.
Siemens Update #9 - Siemens published an update for their Nozomi Guardian/CMC advisory that was originally published on February 13th, 2024.
Siemens Update #10 - Siemens published an update for their Nozomi Guardian/CMC advisory that was originally published on October 10th, 2023 and most recently updated on November 14th, 2023.
Siemens Update #11 - Siemens published an update for their Interniche IP-Stack advisory that was originally published on April 14th, 2020 and most recently updated on February 14th, 2023.
Siemens Update #12 - Siemens published an update for their S7-1500 CPUs advisory that was originally published on December 12th, 2023 and most recently updated on March 12th, 2024.
Siemens Update #13 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on December 13th, 2022 and most recently updated on March 12th, 2024.
Siemens Update #14 - Siemens published an update for their Palo Alto Networks Virtual NGFW advisory that was originally published on April 9th, 2024.
Siemens Update #15 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023 and most recently updated on April 9th, 2024.
Siemens Update #16 - Siemens published an update for their SIPROTEC 5 Devices advisory that was originally published on April 11th, 2023 and most recently updated on March 12th, 2024.
Siemens Update #17 - Siemens published an update for their Solid Edge advisory that was originally published on March 12th, 2024.
Siemens Update #18 - Siemens published an update for their Nozomi Guardian/CMC advisory that was originally published on November 14th, 2023.
Siemens Update #19 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on April 9th, 2024.
Siemens Update #20 - Siemens published an update for their Network Communication Stack advisory that was originally published on March 12th, 2024.
Siemens Update #21 - Siemens published an update for their XPath Constraint advisory that was originally published on March 8th, 2022 and most recently updated on April 10th, 2022.
Siemens Update #22 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12th, 2022 and most recently updated on July 11th, 2023.
Siemens Update #23 - Siemens published an update for their WIBU Systems CodeMeter advisory that was originally published on September 12th, 2023 and most recently updated on December 12th, 2023.
Researcher Reports
Sante Report - The Zero Day Initiative published a report describing an SQL injection vulnerability in the Sante PACS Server PG.
For more information on these vulnerabilities, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-226 - subscription required.