This week we have 13 vendor disclosures from Dassault Systèmes (4), FortiGuard Labs, GE Vernova (3), Hitachi (3), HPE (2), Meinberg, and Western Digital. We have 11 vendor updates from FortiGuard, Hitachi Energy (8), and Palo Alto Networks. There are also five researcher reports describing vulnerabilities in products from ABB, Delta Electronics (3), and Rockwell Automation. Finally, we have an exploit report for products from FLIR.
Advisories
Dassault Advisory #1 - Dassault published an
advisory that describes a cross-site scripting vulnerability in their ENOVIA
Collaborative Industry Innovator.
Dassault Advisory #2 - Dassault published an
advisory that describes a cross-site scripting vulnerability in their ENOVIA
Collaborative Industry Innovator.
Dassault Advisory #3 - Dassault published an
advisory that describes a cross-site scripting vulnerability in their ENOVIA
Collaborative Industry Innovator.
Dassault Advisory #4 - Dassault published an
advisory that describes a cross-site scripting vulnerability in their ENOVIA
Collaborative Industry Innovator.
FortiGuard Advisory - FortiGuard published an advisory that describes
an OS command injection vulnerability in their FortiManager product.
GE Vernova Advisory #1 - GE published an
advisory that discusses two vulnerabilities (both listed in CISA’s Known
Exploited Vulnerabilities catalog) in their Control Server installations
utilizing VMware vCenter Server.
GE Vernova Advisory #2 - GE published an
advisory that discusses two vulnerabilities (both listed in CISA’s KEV catalog)
in their engineering workstations with
Veeam Backup & Replication 9.5, 10, or 11 installed.
GE Vernova Advisory #3 - GE published an
advisory that discusses six vulnerabilities (one with a publicly available
exploit) in their UCSE, UCSC, and UCSB controllers utilized in the Mark* VIe
Platform.
Hitachi Advisory #1 - Hitachi published an advisory
that discusses 19 vulnerabilities in their Ops Center Common Services.
Hitachi Advisory #2 - Hitachi published an
advisory that describes a missing authentication for critical function
vulnerability in their Infrastructure Analytics Advisor and Ops Center Analyzer
products.
Hitachi Advisory #3 - Hitachi published an
advisory that discusses 56 vulnerabilities in multiple Hitachi products.
HPE Advisory #1 - HPE published an
advisory that discusses an improper authentication vulnerability in their SANnav
Management Portal.
HPE Advisory #2 - HPE published an
advisory that describes an exposure of sensitive information to an
unauthorized actor vulnerability in their Alletra MP OS.
Meinberg Advisory - Meinberg published an
advisory that discusses four vulnerabilities (one with a publicly available exploit)
in their Lantime product.
Western Digital Advisory - Western Digital published an advisory that discusses three vulnerabilities in their My Cloud Home & Duo products.
Updates
FortiGuard Update - FortiGuard published an update for their regreSSHion
advisory that was originally published on July 9th, 2024, and most
recently updated on December 4th, 2024.
Hitachi Energy Update #1 - Hitachi Energy published an
update for their Modbus TCP Packet advisory that was originally published
on April 19th, 2022, and most recently updated on September 24th,
2024.
Hitachi Energy Update #2 - Hitachi Energy published an
update for their RTU500 Series Product advisory that was originally
published on March 25th, 2023, and most recently updated on October
1st, 2024.
Hitachi Energy Update #3 - Hitachi Energy published an
update for their RTU500 series products advisory that was originally
published on December 19th, 2023, and most recently updated on
September 24th, 2024.
Hitachi Energy Update #4 - Hitachi Energy published an
update for their RTU500 series Product advisory that was originally
published on March 26th, 2024, and most recently updated on October
1st, 2024.
Hitachi Energy Update #5 - Hitachi Energy published an
update for their RTU500 series Product advisory that was originally
published on April 25th, 2024, and most recently updated on October
1st, 2024.
Hitachi Energy Update #6 - Hitachi Energy published an
update for their RTU500 series Product advisory that was originally published on
June 28th, 2022, and most recently updated on September 24th,
2024.
Hitachi Energy Update #7 - Hitachi Energy published an
update for their RTU500 series Product advisory that was originally published on
November 28th, 2023, and most recently updated on October 1st,
2024.
Hitachi Energy Update #8 - Hitachi Energy published an
update for their RTU500 series Product advisory that was originally published on
February 14th, 2023, and most recently updated on October 1st,
2024.
Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on November 25th, 2024, and most recently updated on December 13th, 2024.
Researcher Reports
ABB Report - Zero Science published a report
that describes an authentication bypass vulnerability (with a publicly
available exploit) in the ABB Cylon Aspect building energy management product.
Delta Reports - The Zero Day Initiative published three
reports for vulnerabilities in the Delta Electronics DRASimuCAD.
Rockwell Report - ZDI published a report that describes an out-of-bounds write vulnerability in the Rockwell Arena Simulation product.
Exploit
FLIR Exploit - YZS17 published an
exploit for a command injection vulnerability in the FLIR AX8 thermal
imaging camera.
For more information about these notifications, to include
links to 3rd party advisories, researcher reports, and exploits, see my article
at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-3dd -
subscription required.