For Part 3 we have 53 researcher reports for products from Cinterion, Deep Sea Electronics (6), Delta Electronics (41), Luxion (2), Advantech, Schneider, and ZKTeco. We have one exploit for products from Zyxel. Finally, I would like to briefly mention a journal article: “On the cybersecurity of smart structures under wind”.
Researcher Reports
Advantech Report - The Zero Day Initiative published a report
that describes a disclosure of sensitive information vulnerability in the
Advantech iView network management tool.
Cinterion Report - Kaspersky Labs published a
report that describes seven vulnerabilities in multiple Cinterion modems.
Deep Sea Electronics Report - ZDI published
six reports describing vulnerabilities in the Deep Sea Electonics DSE855 USB to
Ethernet Communications Device.
Delta Electronics Reports - ZDI published 43
reports (ZDI-24-620 through ZDI-24-663) about vulnerabilities in the Delta
Electronics CNCSoft-G2.
Luxion Reports - ZDI published
two reports about vulnerabilities in the Luxion KeyShot product.
Schneider Report - ZDI published a report
describing an exposed dangerous method vulnerability in the Schneider APC Easy
UPS Online application.
ZKTeco Report - Kaspersky published a report describing six vulnerabilities in products from ZKTeco.
Exploits
Zyxel Exploit - UB3RSICK published a Metasploit module for an OS command injection vulnerability (that is listed in CISA’s Known Exploited Vulnerability Catalog) in Zyxel’s firewall products.
Articles
Structural Cybersecurity – This week Miguel Cid
Montoya (et al) published an
article in the Journal of Wind Engineering and Industrial Aerodynamics: “On
the cybersecurity of smart structures under wind”.
For more information on these disclosures, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-a4f
- subscription required.
Posts
No comments:
Post a Comment