This week we have nine vendor disclosures from ABB (2), Checkpoint, HPE (3), IFM, WatchGuard, and Zyxel. There are also eleven updates from Broadcom (2), CODESYS (2), and HPE (7). Finally, we have three researcher reports of vulnerabilities in products from FortiGuard and Luxion (2).
Advisories
ABB Advisory #1 - ABB published an
advisory that describes a cross-site scripting vulnerability in their WebPro
SNMP card.
ABB Advisory #2 - ABB published an advisory that describes
two vulnerabilities in their KNX Secure Devices.
Checkpoint Advisory - Checkpoint published an advisory that describes
an exposure of sensitive information to an unauthorized actor vulnerability
that is listed on the CISA Known Exploited Vulnerability (KEV) catalog.
HPE Advisory #1 - HPE published an
advisory that describes an authentication bypass vulnerability in their Cray
Parallel Application Launch Service (PALS).
HPE Advisory #2 - HPE published an
advisory that discusses two improper input validation vulnerabilities in
their StoreEasy Servers.
HPE Advisory #3 - HPE published an
advisory that discusses two improper input validation vulnerabilities in
their ProLiant DL/ML/Edgeline/Synergy and Alletra Servers.
IFM Advisory - CERT-VDE published an advisory that describes
a weak password recovery mechanism for forgotten password vulnerability in the
IFM moneo software.
SEL Advisory - SEL announced that the latest versions of their SEL-5030 acSELerator QuickSet Software contain security enhancements.
WatchGuard Advisory - WatchGuard published an
advisory that discusses the TunnelVision
vulnerability.
Zyxel Advisory - Zyxel published an advisory that describes five vulnerabilities in their NAS products.
Updates
Broadcom Update #1 - Broadcom published an
update for their Incident Response Team Contact Information advisory that
was originally published on February 7th, 2023.
Broadcom Update #2 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on April 4th, 2024, and most recently updated on May 5th, 2024.
CODESYS Update #1 - CODESYS published an
update for their OPC UA Stack advisory that was originally published on May
22nd, 2024.
CODESYS Update #2 - CODESYS published an
update for their Gateway for Windows advisory that was originally published
on May 22nd, 2024.
HPE Update #1 - HPE published an update for their Aruba ArubaOS advisory that was originally published on April 30th, 2024 and most recently updated on May 21st, 2024.
HPE Update #2 - HPE published an
update for their Aruba Networking ClearPass Policy Manager advisory that
was originally published on February 27th, 2024.
HPE Update #3 - HPE published an
update for their Aruba Access Points advisory that was originally published
on May 14th, 2024.
HPE Update #4 - HPE published an
update for their Aruba ArubaOS advisory that was originally published on March
5th, 2024.
HPE Update #5 - HPE published an update for their ArubaOS-CX Switches advisory that was originally published on May 8th, 2024 and most recently updated on May 28th, 2024.
HPE Update #6 - HPE published an
update for their ArubaOS-Switch Switches advisory that was originally
published on March 26th, 2024.
HPE Update #7 - HPE published an update for their ProLiant DL/DX/ML/SY/RL/XL/Edgeline Servers advisory that was originally published on April 2nd, 2024 and most recently updated on May 14th, 2024.
Researcher Reports
FortiGuard Report - Horizon3 published a report that discusses the SQL injection vulnerability (listed in the CISA KEV catalog) in the FortiClient EMS v7.2.X products.
Luxion Reports - The Zero Day Initiative published two reports discussing vulnerabilities
in the Luxion KeyShot product.
For more information on these disclosures, including links to
third-party advisories, researcher reports, and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-8cc
- subscription required.