This week we have 13 vendor disclosures from Cisco, Hitachi (2), HPE (3), Moxa, Palo Alto Networks (2), QNAP, SEL, Sick, and WatchGuard. We have a vendor update from FortiGuard. Finally, we have 11 researcher reports for vulnerabilities in products from ABB and Delta Electronics (10).
Advisories
Cisco Advisory - Cisco published an advisory that describes a command injection vulnerability in their Unified Industrial Wireless Software.
Hitachi Advisory #1 - Hitachi published an advisory that discusses four vulnerabilities in multiple Hitachi products.
Hitachi Advisory #2 - Hitachi published an advisory that discusses four vulnerabilities in their Cosminexus Developer's Kit for Java and Hitachi Developer's Kit products.
HPE Advisory #1 - HPE published an advisory that discusses the regreSSHion vulnerability. HPE provides a list of Cray products affected by the vulnerability.
HPE Advisory #2 - HPE published an advisory that discusses seven vulnerabilities (one with publicly available exploit) in their Unified OSS Console Assurance Monitoring (UOCAM) Software.
HPE Advisory #3 - HPE published an advisory that describes six vulnerabilities in their Aruba Networking Access Points.
Moxa Advisory - Moxa published an advisory that describes three vulnerabilities in their EDS-P510 Series products.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that discusses 77 vulnerabilities in their Cortex XDR agent product.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that discusses a claim of a remote code execution vulnerability via the PAN-OS management interface.
QNAP Advisory - QNAP published an advisory that describes an unidentified vulnerability in their QuRouter.
SEL Advisory - SEL published a new version notice for their Blueframe OS that reports that the latest version resolves two cybersecurity issues.
Sick Advisory - Sick published an advisory that discusses 10 vulnerabilities in their CDE-100 product. These are third-party vulnerabilities.
WatchGuard Advisory - WatchGuard published an advisory that describes an improper privilege management vulnerability in their Endpoint Protection product family.
Updates
FortiGuard Update - FortiGuard published an update for their FortiManager fgfmd daemon advisory that was originally published on October 23rd, 2024, and most recently updated on November 5th, 2024.
Researcher Reports
ABB Report - Zero Science published a report of an off-by-one error vulnerability (with publicly available exploit) in the ABB Cylon Aspect building energy management product.
Delta Reports - Zero Day Initiative published 10 reports describing vulnerabilities in the Delta DIAScreen, a component of the DIAStudio Smart Machine Suite.
For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-062 - subscription required.