This week we have three vendor disclosures on the regreSSHion vulnerability from Bosch, Broadcom, and HMS. We have 14 additional vendor disclosures from ABB, Dell, Fujitsu, Hitachi, HP (4), HPE (3), Rockwell (2), and Wireshark. There are also five vendor updates from BD and HPE (4). Finally, we have four researcher reports about vulnerabilities in products from Asus, Synology, and Unitronics (2).
RegreSSHion Advisories
Bosch published an advisory that lists affected products and fixed versions.
Broadcom published an advisory that lists the products that are not affected.
HMS published an advisory that lists the affected products and announces that fixes have been applied.
Advisories
ABB Advisory - ABB published an advisory that describes an unquoted search path or element vulnerability in their Mint Workbench product.
Dell Advisory - Dell published an advisory that lists a large number (nope, I am not counting them all) of 3rd party vulnerabilities in their ThinOS product.
Fujitsu Advisory - JP-CERT published an advisory that describes a path traversal vulnerability in the Fujitsu Network Edgiot GW1500 product.
Hitachi Advisory - Hitachi published an advisory that discusses 42 vulnerabilities in their Disc Array Systems products.
HP Advisory #1 - HP published an advisory that describes a buffer overflow vulnerability in multiple desktop computers.
HP Advisory #2 - HP published an advisory that describes two privilege escalation vulnerabilities in their display control software.
NOTE: The HP Security Bulletins page lists two additional advisories (here and here), but neither page currently opens.
HPE Advisory #1 - HPE published an advisory that describes a remote bypass of a security restriction vulnerability in their 3PAR Service Processor Software.
HPE Advisory #2 - HPE published an advisory that discusses 17 vulnerabilities (one with known exploits) in their Unified OSS Console Assurance Monitoring (UOCAM) product.
HPE Advisory #3 - HPE published an advisory that discusses two vulnerabilities in their ProLiant DL/ML/XL, Synergy, Edgeline and Alletra Servers.
Rockwell Advisory #1 - Rockwell published an advisory that describes an improper input validation vulnerability in their SequenceManager Server.
Rockwell Advisory #2 - Rockwell published an advisory that describes an improper input validation vulnerability in their 5015 – AENFTXT product.
Wireshark Advisory - Wireshark published an advisory that describes a packet injection vulnerability in their SPRT dissector product.
Updates
BD Update - BD published an update for their Third-Party ESET advisory that was originally published on March 29th, 2024.
HPE Update #1 - HPE published an update for their Intel Thunderbolt Driver advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024.
HPE Update #2 - HPE published an update for their Intel PROSet/Wireless WiFi and Bluetooth advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024.
HPE Update #3 - HPE published an update for their Intel Chipset Device Software advisory that was originally published on June 28th, 2024.
HPE Update #4 - HPE published an update for their Intel 2024.1 IPU - Chipset Software advisory that was originally published on March 13th, 2024 and most recently updated on April 10th, 2024.
Researcher Reports
Asus Report - BugProve published a report describing a stack-based buffer overflow vulnerability in the Asus RT-AC87U router.
Synology Report - Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC 500 IP camera.
Unitronics Reports - Claroty published two reports about individual vulnerabilities in the Unitronics Vision PLC.
For more information about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-3e2 - subscription required.