This week we have two CrowdStrike outage advisories. We also
have 18 other vendor advisories for products from Broadcom, Draeger, Hitachi, HPE
(4), Meinberg, National Instruments (7), WithSecure (2), and Zyxel. We have three
vendor updates from Cisco (2) and HP. There is also a researcher report for
vulnerabilities in products from Perkin Elmer. Finally, we have an exploit for
products from Softing.
CrowdStrike Outage
GE Vernova published an
advisory that discussed the impact on some of their Monitoring &
Diagnostics products.
Philips published an advisory
that provides a list of potentially affected products.
Advisories
Broadcom Advisory - Broadcom published an
advisory that discusses ten vulnerabilities in the Azul Zulu component of
their Brocade SANnav product.
Draeger Advisory - Draeger published an
advisory that discusses a deserialization of untrusted data vulnerability
(listed in the CISA Known Exploited Vulnerability Catalog).
Hitachi Advisory - Hitachi published an
advisory that discusses 27 vulnerabilities in their Disk Array Systems.
HPE Advisory #1 - HPE published an
advisory that describes three vulnerabilities in their Aruba EdgeConnect
SD-WAN Orchestrator.
HPE Advisory #2 - HPE published an
advisory that discusses 21 vulnerabilities (6 with known exploits) in their
Unified OSS Console Assurance Monitoring (UOCAM) product.
HPE Advisory #3 - HPE published an
advisory that discusses seven vulnerabilities (one with known exploit) in
their Aruba EdgeConnect SD-WAN Gateways.
HPE Advisory #4 - HPE published an
advisory that discusses an out-of-bounds write vulnerability in their ProLiant
DL/ML/SY/XL and Alletra Servers.
Meinberg Advisory - Meinberg published an
advisory that discusses ten vulnerabilities (2 with known exploits) in
their Lantime product.
National Instruments Advisory #1 - National
Instruments published an
advisory that describes two missing authorization vulnerabilities in their VeriStand
Gateway product.
National Instruments Advisory #2 - National
Instruments published an
advisory that describes two deserialization of untrusted data
vulnerabilities in their VeriStand product.
National Instruments Advisory #3 - National
Instruments published an
advisory that describes a path traversal vulnerability in their VeriStand
product.
National Instruments Advisory #4 - National
Instruments published an
advisory that describes a deserialization of untrusted data vulnerability
in their VeriStand Project File product.
National Instruments Advisory #5 - National
Instruments published an
advisory that describes an integer overflow or wraparound vulnerability in
their TDMS Files in LabVIEW.
National Instruments Advisory #6 - National
Instruments published an
advisory that describes an incorrect default permissions vulnerability in
their SystemLink Redis Service.
National Instruments Advisory #7 - National
Instruments published an
advisory that describes an out-of-date component with multiple
vulnerabilities vulnerability in their SystemLink Server.
WithSecure Advisory #1 - WithSecure published an
advisory that describes a denial of service vulnerability in their WithSecure
Mac antivirus software.
WithSecure Advisory #2 - WithSecure published an
advisory that describes a privilege escalation vulnerability in their WithSecure
Mac Products.
Zyxel Advisory - Zyxel published an
advisory that describes an improper privilege management vulnerability in
their Zyxel AP products.
Updates
Cisco Update #1 - Cisco published an
update for their Blast-Radius
advisory that was originally published on July 10th, and most
recently updated on July 19th, 2024.
Cisco Update #2 - Cisco published an
update for their regreSSHion
advisory that was originally published on July 2nd, 2024, and most
recently updated on July 19th, 2024.
HP Update - HP published an
update for their Display Control Software advisory that was originally
published on July 15th, 2024.
Researcher Reports
Perkin Elmer Report - Cyber Danube published a
report that describes three vulnerabilities in the Perkin Elmer ProcessPlus
measurement software.
Exploits
Softing Exploit - Mr me published a Metasploit module
for two vulnerabilities in the Softing Secure Integration Server.
For more information on these disclosures, including links
to 3rd party advisories, researcher reports and exploits, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-d58
- subscription required.