This week we have 16 vendor disclosures from CIRCUTOR, Dell, Dassault Systems (2), GE Vernova, Hitachi, HP (2), Moxa, Philips (3), SEL, Softing, Supermicro, and VMware. There are also two updates from HPE and Moxa. Finally, we also have six researcher reports for products from OpenPLC (3), Riello, and Supermicro (2).
Advisories
CIRCUTOR Advisory - Incibe-CERT published an advisory that describes six vulnerabilities in the CIRCUTOR Q-SMT and TCP2RS+ substation equipment.
Dell Advisory - Dell published an advisory that discusses seven vulnerabilities (three with publicly available exploits) in their ThinOS products.
Dassault Systems Advisory #1 - Dassault Systems published an advisory that describes a cross-site scripting vulnerability in their 3DEXPERIENCE product.
Dassault Systems Advisory #2 - Dassault Systems published an advisory that describes a cross-site scripting vulnerability in their 3DEXPERIENCE product.
GE Vernova Advisory - GE Vernova published an advisory that describes six vulnerabilities in their ControlST platform.
HPE Advisory #1 - HPE published an advisory that discusses five vulnerabilities in their StoreEasy Servers.
HPE Advisory #2 - HPE published an advisory that describes three vulnerabilities in their Aruba Networking Controller and Gateway-Based AOS.
Moxa Advisory - Moxa published an advisory that describes three vulnerabilities in their MXview One and MXview One Central Manager Series.
Philips Advisory #1 - Philips published an advisory that discusses the recent Fortinet breach.
Philips Advisory #2 - Philips published an advisory that discusses the recent VMware vulnerabilities.
Philips Advisory #3 - Philips published an advisory that discusses the recent Windows Update Downgrade Attack Advisory.
SEL Advisory - SEL published a version update notice for their SEL-5032 acSELerator Architect Software.
Softing Advisory - Softing published an advisory that describes a missing release of memory vulnerability in their uaToolkit Embedded and smartLink products.
Supermicro Advisory - Supermicro published an advisory that discusses two vulnerabilities in their Denverton platform.
VMware Advisory - VMware published an advisory that describes two vulnerabilities in their vCenter Server.
Updates
HPE Update - HPE published an update for their HPE ProLiant DL/ML/XL, Synergy, and Edgeline Servers advisory that was originally published on September 16th, 2024.
Moxa Update - Moxa published an update for their regreSSHion vulnerability advisory that was originally published on August 2nd, 2024 and most recently updated on September 10th, 2024.
Researcher Reports
OpenPLC Report #1 - Talos published a report that describes a stack-based buffer overflow vulnerability in the OpenPLC OpenPLC_v3.
OpenPLC Report #2 - Talos published a report that describes two out-of-bounds read vulnerabilities in the OpenPLC OpenPLC_v3.
OpenPLC Report #3 - Talos published a report that describes two incorrect type or cast vulnerabilities in the OpenPLC OpenPLC_v3.
Riello Report - CyberDanube published a report describing two vulnerabilities in the Riello Netman 204 network communications card.
Supermicro Report #1 - Binarly published a report that describes a use of hard-coded credentials vulnerability in the Supermicro BMC Firmware.
Supermicro Report #2 - Binarly published a report that describes an insecure RSA signing key used in multiple Supermicro servers.
For more details about these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-ed6 - subscription required.