For Part 2 this week we have 23 additional vendor disclosures from Panasonic, Philips (2), Schneider (2), Siemens (3), and Splunk (15).
Advisories
Panasonic Advisory - Panasonic published a release note that reports a fix for a missing
protection mechanism for alternate hardware interface vulnerability in their
Wi-Fi based IR Blaster.
Philips Advisory #1 - Philips published an advisory
that describes three vulnerabilities in their Philips IntelliSpace Portal and Advanced
Visualization Workspace products.
Philips Advisory #2 - Philips published an
advisory that discusses a CrushFTP authentication bypass vulnerability.
Schneider Advisory #1 - Schneider published an
advisory that describes two vulnerabilities in their ConneXium Network Manager software.
Schneider Advisory #2 - Schneider published an
advisory that describes three vulnerabilities in their Trio Q Licensed Data
Radios.
Siemens Advisory #1 - Siemens published an
advisory that describes an observable response discrepancy vulnerability in
their Mendix Runtime product.
Siemens Advisory #2 - Siemens published an
advisory that describes a weak authentication vulnerability in their Industrial
Edge Device Kit.
Siemens Advisory #3 - Siemens published an
advisory that describes an uncontrolled resource consumption vulnerability
in their ICMP service in Industrial Devices.
Splunk Advisory #1 - Splunk published an advisory that
discusses three vulnerabilities (one with publicly available exploit code) in
their Connect for Syslog product.
Splunk Advisory #2 - Splunk published an advisory that
discusses an injection vulnerability in their SDK for JavaScript.
Splunk Advisory #3 - Splunk published an advisory that
discusses multiple vulnerabilities in their Juniper SRX App. These are
third-party (Libxml2) vulnerabilities.
Splunk Advisory #4 - Splunk published an advisory that
discusses multiple vulnerabilities in their Microsoft SQL Server App.
Splunk Advisory #5 - Splunk published an advisory that
discusses multiple vulnerabilities in their Microsoft Azure SQL App.
Splunk Advisory #6 - Splunk published an advisory that
discusses multiple vulnerabilities in their Kafka App.
Splunk Advisory #7 - Splunk published an advisory that
discusses multiple vulnerabilities in their Snowflake App.
Splunk Advisory #8 - Splunk published an advisory that
discusses two vulnerabilities (one with publicly available exploit) in their NetWitness
Logs and Packets App.
Splunk Advisory #9 - Splunk published an advisory that
discusses an insufficient verification of data authenticity vulnerability in
their Symantec Endpoint Protection 14 App.
Splunk Advisory #10 - Splunk published an advisory that
discusses multiple vulnerabilities (one with publicly available exploit) in
their Symantec Data Loss Prevention App.
Splunk Advisory #11 - Splunk published an advisory that
discusses two vulnerabilities (one with publicly available exploit) in their ProtectWise
App.
Splunk Advisory #12 - Splunk published an advisory that
discusses multiple vulnerabilities (one with publicly available exploit) in
their PostgreSQL App.
Splunk Advisory #13 - Splunk published an advisory that
discusses two vulnerabilities (one with publicly available exploit) in their PagerDuty
App.
Splunk Advisory #14 - Splunk published an advisory that
discusses two vulnerabilities (one with publicly available exploit) in their FireAMP
App.
Splunk Advisory #15 - Splunk published an advisory that
discusses two vulnerabilities (one with publicly available exploit) in their Fidelis
Network App.
For more information on these disclosures, including links to
3rd party advisories and exploits, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-dd3
- subscription required.