This week we have three vendor disclosures from HPE and Moxa (2). There are two vendor updates from Moxa and Palo Alto Networks. We have six researcher reports of vulnerabilities in products from ABB (5) and Four-Faith. Finally, we have an exploit for a vulnerability in products from Palo Alto Networks.
Advisories
HPE Advisory - HPE published an advisory that discusses seven vulnerabilities (three with publicly available exploits) in their OSS Console (UOC) and Unified OSS Console Assurance Monitoring (UOCAM) products.
Moxa Advisory #1 - Moxa published an advisory that describes two vulnerabilities in multiple Moxa products.
Moxa Advisory #2 - Moxa published an advisory that describes a cryptographic algorithm security enhancement in their TN-G4500 Series products.
Updates
Moxa Update - Moxa published an update for their VPort 07-3 Series advisory that was originally published on December 4th, 2024.
Palo Alto Networks Update - Palo Alto Networks published an update for their Firewall Denial of Service advisory that was originally published on December 26th, 2024.
Research Reports
ABB Reports - Zero Science published five reports about vulnerabilities (all with publicly available exploits) in the ABB Cylon Aspect.
Four-Faith Report - VulnCheck published a report that describes an OS command injection vulnerability (which has been exploited in the wild) in the Four-Faith industrial routers.
Exploits
Palo Alto Networks Exploit - WatchTowr published a Metasploit module for two vulnerabilities in the Palo Alto Networks PAN-OS management web interface.
For more information on these disclosures, including links to 3rd party vulnerabilities and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-a07 - subscription required.