Saturday, October 19, 2024

Review – Public ICS Disclosures – Week of 10-12-24 – Part 1

This week we have vendor disclosures from Belden, Bosch, Dassault Systèmes (2), Helmholtz (2), Hikvision, HP (3), HPE (3), MB Connect (2), Meinberg, Moxa, Philips (2), and Sick.

Advisories

Belden Advisory - Belden published an advisory that describes a heap overflow vulnerability (with a publicly available exploit) in their Hirschmann HiLCOS product line.

Bosch Advisory - Bosch published an advisory that describes an unrestricted resource consumption vulnerability in their VMS Central Server.

Dassault Systèmes Advisory #1 - Dassault Systèmes published an advisory that describes an authorization bypass through user-controlled keys vulnerability in their 3DSwymer product.

Dassault Systèmes Advisory #2 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their ENOVIA product.

Helmholtz Advisory #1 - CERT-VDE published an advisory that describes two vulnerabilities in multiple Helmholtz products.

Helmholtz Advisory #2 - CERT-VDE published an advisory that describes five vulnerabilities in the Helmholtz REX100 industrial router.

Hikvision Advisory - Hikvision published an advisory that describes three vulnerabilities in their HikCentral product series.

HP Advisory #1 - HP published an advisory that describes a missing authentication for critical function vulnerability in their DesignJet products.

HP Advisory #2 - HP published an advisory that discusses an incorrect behavior order vulnerability in their SMI Transfer Monitor.

HP Advisory #3 - HP published an advisory that discusses 12 vulnerabilities in multiple HP products.

HPE Advisory #1 - HPE published an advisory that discusses a code injection vulnerability in their Cray and ProLiant XL Servers.

HPE Advisory #2 - HPE published an advisory that discusses an incomplete filtering of special elements vulnerability in their ProLiant DX Servers.

HPE Advisory #3 - HPE published an advisory that discusses an insufficient control flow management vulnerability in their ProLiant DX Servers.

MB Connect Advisory #1 - CERT-VDE published an advisory that describes two vulnerabilities in multiple MB Connect products.

MB Connect Advisory #2 - CERT-VDE published an advisory that describes five vulnerabilities in the mbNET.mini product.

Meinberg Advisory - Meinberg published an advisory that discusses five vulnerabilities in their LANTIME product.

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their MXsecurity Series products.

Philips Advisory #1 - Philips published an advisory that discusses two recent MS Windows vulnerabilities (CVE-2024-43572 and CVE-2024-43573) listed on CISA’s Known Exploited Vulnerabilities catalog.

Philips Advisory #2 - Philips published an advisory that discusses two recent Cisco vulnerabilities (CVE-2024-20393 and CVE-2024-20470).

Sick Advisory - Sick published an advisory that describes a use of hard-coded credentials vulnerability in multiple Sick products.


For more information about these disclosures, including links to third-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-4a8 - subscription required.
