This week we have 41 vendor disclosures from Axis (5), B&R, Dell, Dassault Systems, ELECOM, Fuji Electric, GE Vernova (19), Hitachi Energy, HPE, Mitsubishi, Palo Alto Networks, PEPPERL+FUCHS, Splunk (2), SMA Solar Technology, VMware, and Zyxel. There are also five vendor updates from ELECOM (4) and FortiGuard. We also have 21 researcher reports of vulnerabilities in products from ABB (4) and Fuji (17).
Advisories
Axis Advisory #1 - Axis published an
advisory that describes an improper validation of syntactic correctness of
input vulnerability in their AxisOS product.
Axis Advisory #2 - Axis published an
advisory that describes an improper validation of syntactic correctness of
input vulnerability in their AxisOS product.
Axis Advisory #3 - Axis published an
advisory that describes an incorrect default permissions vulnerability in
their Camera Station products.
Axis Advisory #4 - Axis published an
advisory that describes an insufficiently protected credentials
vulnerability in the Camera Station products.
Axis Advisory #5 - Axis published an
advisory that describes a client-side enforcement of server-side security
vulnerability in their Camera Station products.
B&R Advisory - B&R published an
advisory that describes an authentication bypass using an alternate path or
channel vulnerability in multiple mapp products.
Dell Advisory - Dell published an
advisory that describes four vulnerabilities in their Wyse Management Suite.
The first vulnerability is a third-party (MongoDB) issue.
Dassault Systems Advisory - Dassault Systems
published an
advisory that discusses a deserialization of untrusted data vulnerability
(with publicly available exploit) in their Iterop product.
ELECOM Advisory - JP-CERT published an advisory that describes
four vulnerabilities in multiple ELECOM wireless LANs.
Fuji Advisory - JP-CERT published an advisory that describes three
vulnerabilities in the Fuji V-SFT, TELLUS, and V-Server products.
GE Vernova Advisories - GE Vernova (formerly Grid
Solutions) published
19 advisories.
Hitachi Energy Advisory - Hitachi Energy published an
advisory that discusses four vulnerabilities in their NSD570 Teleprotection
Equipment.
HPE Advisory - HPE published an
advisory that describes an unauthorized data modification vulnerability in
their IceWall Products.
Mitsubishi Advisory - Mitsubishi published an
advisory that describes three vulnerabilities in their GENESIS64™ and MC
Works64 products.
Palo Alto Networks Advisory - Palo Alto Networks published
an advisory
that describes an improper certificate validation vulnerability (with publicly
available exploit) in their GlobalProtect App.
PEPPERL+FUCHS Advisory - CERT-VDE published an advisory that discusses
the PKFAIL
vulnerability in multiple products from PEPPERL+FUCHS.
Splunk Advisory #1 - Splunk published an advisory
that discusses three vulnerabilities (one with publicly available exploit) in
their Splunk Machine Learning Toolkit.
Splunk Advisory #2 - Splunk published an advisory
that discusses an exposure of sensitive information to an unauthorized actor
vulnerability in their Python for Scientific Computing product.
SMA Solar Advisory - CERT-VDE published an advisory that describes
an SQL injection vulnerability in SMA Sunny Central products.
VMware Advisory - Broadcom published an
advisory that describes five vulnerabilities in the VMware Aria Operations
product.
Zyxel Advisory - Zyxel published an advisory that discusses recent attempts to exploit a previously fixed directory traversal vulnerability in their ZLD firewall.
Updates
ELECOM Update #1 - JP-CERT published an update for the ELECOM
wireless LAN router advisory that was originally published on May 28th,
2024, and most recently updated on August 27th, 2024.
ELECOM Update #2 - JP-CERT published an update for the
ELECOM wireless LAN router advisory that was originally published on March 26th,
2024, and most recently updated on August 27th, 2024.
ELECOM Update #3 - JP-CERT published an update for the ELECOM
wireless LAN router advisory that was originally published on August 27th,
2024, and most recently updated on September 9th, 2024.
ELECOM Update #4 - JP-CERT published an update for the ELECOM
wireless LAN router advisory that was originally published on March 26th,
2024, and most recently updated on August 27th, 2024.
FortiGuard Update - FortiGuard published an update for their missing authentication in fgfmsd advisory that was originally published on October 23rd, 2024, and most recently updated on November 15th, 2024.
Researcher Reports
ABB Reports - Zero Science published four reports
of vulnerabilities in the ABB Cylon Aspect building energy management product.
Fuji Reports - The Zero Day Initiative published 17
reports of vulnerabilities in the Fuji Monitouch V-SFT.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-95e - subscription required.