This week we have 21 vendor advisories from Beckhoff (4), B&R, Dassault Systèmes (4), Elecom (2), Hitachi, Hitachi Energy, HP (2), Meinberg, Panasonic, TRUMPF (2), and Wireshark. There are also eight vendor updates from B&R, Dell, Elecom (5), and Moxa. Finally, we have five exploits for products from Aruba and Elber (4).
Advisories
Beckhoff Advisory #1 - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in the Beckhoff TwinCAT/BSD-based products.
Beckhoff Advisory #2 - CERT-VDE published an advisory that describes an authentication bypass by alternate path or channel vulnerability in the Beckhoff TwinCAT/BSD-based products.
Beckhoff Advisory #3 - CERT-VDE published an advisory that describes a classic buffer overflow vulnerability in the Beckhoff TwinCAT/BSD-based products.
Beckhoff Advisory #4 - CERT-VDE published an advisory that describes an allocation of resources without limit or throttling vulnerability in the Beckhoff TwinCAT/BSD-based products.
B&R Advisory - B&R published an advisory that describes three vulnerabilities in their APROL condition monitoring software.
Dassault Systèmes Advisory #1 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator.
Dassault Systèmes Advisory #2 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DSwym in 3DSwymer.
Dassault Systèmes Advisory #3 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DDashboard in 3DSwymer.
Dassault Systèmes Advisory #4 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DDashboard in 3DSwymer.
Elecom Advisory #1 - JP-CERT published an advisory that describes four vulnerabilities in the Elecom wireless LAN routers and access points.
Elecom Advisory #2 - JP-CERT published an advisory that describes three vulnerabilities in the Elecom wireless LAN routers.
Hitachi Advisory - Hitachi published an advisory that describes an authentication bypass vulnerability in their Ops Center Common Services product.
Hitachi Energy Advisory - Hitachi Energy published an advisory that describes an SQL injection vulnerability in their MicroSCADA X SYS600 product.
HP Advisory #1 - HP published an advisory that discusses two vulnerabilities in their Z4, Z6, and Z8 workstations.
HP Advisory #2 - HP published an advisory that discusses an incorrect default permissions vulnerability in their notebook PCs.
Meinberg Advisory - Meinberg published an advisory that discusses three vulnerabilities (all with publicly available exploits) in their LANTIME product.
Panasonic Advisory - JP-CERT published an advisory that describes a stack-based buffer overflow vulnerability in the Panasonic Control FPWIN Pro7.
Trumpf Advisory #1 - CERT-VDE published an advisory that discusses the regreSSHion vulnerability.
Trumpf Advisory #2 - CERT-VDE published an advisory that discusses a use after free vulnerability (listed in the CISA Known Exploited Vulnerability Catalog) in the Trumpf TruControl laser control software products.
Wireshark Advisory - Wireshark published an advisory that describes an out-of-bounds read vulnerability in their NTLMSSP dissector.
Updates
B&R Updates - B&R published an update for their Automation Runtime advisory that was originally published on August 9th, 2024.
Dell Update - Dell published an update for their Dell ThinOS advisory that was originally published on June 12th, 2024, and most recently updated on July 19th, 2024.
Elecom Update #1 - JP-CERT published an update for their ELECOM and LOGITEC network devices advisory that was originally published on August 10th, 2024.
Elecom Update #2 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on July 30th, 2024.
Elecom Update #3 - JP-CERT published an update for their wireless LAN routers and wireless LAN repeater advisory that was originally published on March 26th, 2024 and most recently updated on May 28th, 2024.
Elecom Update #4 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on March 26th, 2024 and most recently updated on May 28th, 2024.
Elecom Update #5 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on May 28th, 2024.
Moxa Update - Moxa published an update for their regreSSHion advisory that was originally published on August 2nd, 2024, and most recently updated on August 9th, 2024.
Exploits
Aruba Exploit - Hosein Vita published an exploit for a remote code execution vulnerability in the Aruba 501 CN12G5W0XX wireless access point.
Elber Exploit #1 - LiquidWorm published an exploit for an authentication bypass vulnerability in the Elber ESE DVB-S/S2 Satellite Receiver.
Elber Exploit #2 - LiquidWorm published an exploit for a device configuration vulnerability in the Elber ESE DVB-S/S2 Satellite Receiver.
Elber Exploit #3 - LiquidWorm published an exploit for an authentication bypass vulnerability in the Elber Wayber Analog/Digital Audio.
Elber Exploit #4 - LiquidWorm published an exploit for a device configuration vulnerability in the Elber Wayber Analog/Digital Audio.
For more information about these disclosures, including links to 3rd party advisories, researcher reports, and exploits, as well as a brief summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-631 - subscription required.