For Part 2, we have two additional vendor disclosures from Schneider. We also have 33 vendor updates from HPE (2), Schneider (12), Siemens (18), and VMware.
Advisories
Schneider Advisory #1 - Schneider published an
advisory that discusses an uncontrolled search path element vulnerability
in the Schneider EcoStruxure Machine SCADA Expert and BLUE Open Studio products.
Schneider Advisory #2 - Schneider published an advisory that describes a classic buffer overflow vulnerability in their Accutech Manager software.
Updates
HPE Update #1 - HPE published an
update for their Aruba Networking Access Points advisory that was
originally published on August 3rd, 2024.
HPE Update #2 - HPE published an
update for their ProLiant DL/ML/SY/XL Edgeline and Alletra Servers advisory
that was originally published on July 22nd, 2024.
Schneider Update #1 - Schneider published an
update for their Modicon Controllers advisory that was originally published
on July 9th, 2024.
Schneider Update #2 - Schneider published an
update for their EcoStruxure Control Expert advisory that was originally
published on February 13th, 2024 and most recently updated on July 9th,
2024.
Schneider Update #3 - Schneider published an
update for their EcoStruxure OPC UA Server Expert advisory that was
originally published on July 11th, 2023.
Schneider Update #4 - Schneider published an
update for their Modicon PLCs advisory that was originally published on
April 11th, 2023 and most recently updated on March 12th,
2024.
Schneider Update #5 - Schneider published an
update for their s EcoStruxure™ Control Expert advisory that was originally
published on January 10th, 2023 and most recently updated on August
8th, 2024.
Schneider Update #6 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 9th, 2022 and most recently updated on March 14th,
2023.
Schneider Update #7 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 9th, 2022 and most recently updated on March 14th,
2023.
Schneider Update #8 - Schneider published an
update for their EcoStruxureTM Control Expert advisory that was originally
published on August 9th, 2022 and most recently updated on March 14th,
2023.
Schneider Update #9 - Schneider published an
update for their BadAlloc Vulnerabilities advisory that was originally
published on November 9th, 2021 and most recently updated on March
12th, 2024.
Schneider Update #10 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 10th, 2021 and most recently updated on July 11th,
2023.
Schneider Update #11 - Schneider published an
update for their EcoStruxureTM Control Expert advisory that was originally
published on July 13th, 2021 and most recently updated on March 14th,
2023.
Schneider Update #12 - Schneider published an update for their Modicon Controllers advisory that was
originally published on September 26th, 2019 and most recently
updated on March 14th, 2023.
Schneider Update #13 - Schneider published an
update for their Embedded FTP Servers advisory that was originally
published on March 22, 2018.
Siemens Update #1 - Siemens published an update
for their User Management Component advisory that was originally published on
December 12th, 2023 and most recently updated on May 14th,
2024.
Siemens Update #2 - Siemens published an
update for their SIMATIC IPCs advisory that was originally published on
September 12th, 2023 and most recently updated on July 9th,
2024.
Siemens Update #3 - Siemens published an update
for their Omnivise T3000 advisory that was originally published on August 2nd,
2024.
Siemens Update #4 - Siemens published an update
for their Palo Alto Networks Virtual NGFW advisory that was originally
published on March 9th, 2024.
Siemens Update #5 - Siemens published an update
for their BadAlloc Vulnerabilities advisory that was originally published on March
11th, 2023.
Siemens Update #6 - Siemens published an update
for their X_T File Parsing Vulnerabilities advisory that was originally
published on June 11th, 2024.
Siemens Update #7 - Siemens published an update
for their SIPROTEC 5 Devices advisory that was originally published on July 9th,
2024.
Siemens Update #8 - Siemens published an update
for their Datalogics File Parsing Vulnerability advisory that was originally
published on July 9th, 2024.
Siemens Update #9 - Siemens published an update
for their Fortigate NGFW advisory that was originally published on July 9th,
2024.
Siemens Update #10 - Siemens published an update
for their TIA Project-Server advisory that was originally published on February
14th, 2023 and most recently updated on May 9th, 2023.
Siemens Update #11 - Siemens published an update
for their Industrial Products advisory that was originally published on February
14th, 2023 and most recently updated on July 9th, 2024.
Siemens Update #12 - Siemens published an update
for their WIBU Systems CodeMeter advisory that was originally published on
November 14th, 2023.
Siemens Update #13 - Siemens published an update
for their Parasolid and Teamcenter Visualization advisory that was originally
published on August 8th, 2023 and most recently updated on June 11th,
2024.
Siemens Update #14 - Siemens published an update
for their GNU/Linux subsystem advisory that was originally published on December
12th, 2023 and most recently updated on July 9th, 2024.
Siemens Update #15 - Siemens published an update
for their Palo Alto Networks advisory that was originally published on July 9th,
2024.
Siemens Update #16 - Siemens published an update
for their SCALANCE M-800 advisory that was originally published on December 12th,
2023.
Siemens Update #17 - Siemens published an update
for their TIA Portal advisory that was originally published on April 11th,
2023, and most recently updated on May 9th, 2023.
Siemens Update #18 - Siemens published an update
for their SCALANCE M-800 that was originally published on December 12th,
2023.
VMWare Update - Broadcom published an
update for their VMware ESXi and vCenter Server advisory that was
originally published on June 25th, 2024 and most recently updated on
July 24th, 2024.
For more information on these disclosures, including links
to 3rd party advisories and brief descriptions of updates, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-676 - subscription required.
Posts
No comments:
Post a Comment