This week we have 26 vendor disclosures from ABB, FortiGuard (9), HP (3), HPE (5), KeyShot, Palo Alto Networks (6), and Schneider. More in Part 2, but no Part 3 this month.
Advisories
ABB Advisory - ABB published an advisory that discusses a prototype pollution vulnerability (with publicly available exploit) in their RMC-100 with REST interface.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes an SQL injection vulnerability in their FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes a client-side enforcement of server-side security vulnerability in their FortiSandbox product.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes an incorrect authorization vulnerability in their FortiSandbox product.
FortiGuard Advisory #4 - FortiGuard published an advisory that describes a use of externally-controlled format string vulnerability (with publicly available exploit) in multiple FortiGuard products.
FortiGuard Advisory #5 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiSandbox product.
FortiGuard Advisory #6 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiManager CLI.
FortiGuard Advisory #7 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiSandbox product.
FortiGuard Advisory #8 - FortiGuard published an advisory that describes a use of a hard-coded cryptographic key vulnerability in their FortiSandbox product.
FortiGuard Advisory #9 - FortiGuard published an advisory that describes an SQL injection vulnerability in their FortiSandbox product.
HP Advisory #1 - HP published an advisory that discusses seven vulnerabilities in multiple HP products.
HP Advisory #2 - HP published an advisory that discusses eleven vulnerabilities in multiple HP products.
HP Advisory #3 - HP published an advisory that discusses three vulnerabilities in multiple HP products.
HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their ProLiant DL/XL Servers.
HPE Advisory #2 - HPE published an advisory that discusses two vulnerabilities in their ProLiant DX Servers.
HPE Advisory #3 - HPE published an advisory that describes an authentication bypass vulnerability in their Cray XD670 Server.
HPE Advisory #4 - HPE published an advisory that discusses two vulnerabilities (one with publicly available exploits) in their Cray Servers.
HPE Advisory #5 - HPE published an advisory that discusses an improper input validation vulnerability in their Cray Servers.
KeyShot Advisory - KeyShot published an advisory that describes three vulnerabilities in their Studio product.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes an exposed unsafe ActiveX method vulnerability in their GlobalProtect App.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a reliance on untrusted inputs in a security decision vulnerability in their GlobalProtect App.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an improper resolution of path equivalence vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes an uncontrolled resource consumption vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that discusses 16 vulnerabilities in their Prisma Access Browser.
Schneider Advisory #1 - Schneider published an advisory that describes an insertion of sensitive information into a log file vulnerability in their EcoStruxure Panel Server.
Schneider Advisory #2 - Schneider published an advisory that describes an improper authentication vulnerability in their EcoStruxure™ Power Automation System User Interface products.
Schneider Advisory #3 - Schneider published an advisory that describes an insecure default initialization of a resource vulnerability in their EcoStruxure Power Automation System User Interface and EcoStruxure Microgrid Operation Large products.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-90e - subscription required.