This week for Part 1 we have 17 vendor disclosures from Broadcom, HP, Meinberg, Moxa, QNAP (10), Rockwell Automation, Sick, and Supermicro.
Advisories
Broadcom Advisory - Broadcom published an advisory that discusses a use after free
vulnerability (with publicly available exploit) in their Brocade SANnav, Brocade
Support Link, and Brocade Switches.
HP Advisory - HP published an advisory that discusses 233 vulnerabilities in their
ThinPro products.
Meinberg Advisory - Meinberg published an advisory that discusses 13 vulnerabilities
(4 with publicly available exploits) in their LANTIME product.
Moxa Advisory - Moxa published an advisory that describes a reliance on security
through obscurity vulnerability in their PT Switches.
QNAP Advisory #1 - QNAP published an advisory
that describes a TOCTOU race condition vulnerability in multiple QNAP products.
QNAP Advisory #2 - QNAP published an advisory
that describes a server-side request forgery vulnerability in multiple QNAP
products.
QNAP Advisory #3 - QNAP published an advisory
that describes an out-of-bounds write vulnerability in their QTS and QuTS hero
products.
QNAP Advisory #4 - QNAP published an advisory
that describes six vulnerabilities in QTS and QuTS hero products.
QNAP Advisory #5 - QNAP published an advisory
that describes a files or directories accessible to external parties vulnerability
in their File Station 5 product.
QNAP Advisory #6 - QNAP published an advisory
that describes an OS command injection vulnerability in their QuRouter product.
QNAP Advisory #7 - QNAP published an advisory
that describes an exposure of sensitive information to an unauthorized actor
vulnerability in Legacy QTS and QuTS hero products.
QNAP Advisory #8 - QNAP published an advisory
that describes an improper certificate validation vulnerability in their Helpdesk
product.
QNAP Advisory #9 - QNAP published an advisory
that describes a classic buffer overflow vulnerability in their HBS 3 Hybrid
Backup Sync product.
QNAP Advisory #10 - QNAP published an advisory
that describes an OS command injection vulnerability in their QuRouter product.
Rockwell Advisory - Rockwell published an
advisory that discusses three vulnerabilities (all listed in CISA’s Known Exploited
Vulnerabilities catalog) in multiple Rockwell products used with VMware.
Sick Advisory - Sick published an advisory that discusses 16 vulnerabilities in
multiple Sick products.
Supermicro Advisory - Supermicro published an advisory that discusses an improper
signature verification vulnerability in multiple Supermicro products.
For more information on these disclosures, including links
to 3rd party advisories, researcher reports, and exploits, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-40b
- subscription required.