For Part 2 this week we have three additional vendor disclosures from Splunk, Western Digital, and Wiesemann and Theis. There are also two vendor updates from Hitachi Energy and Palo Alto Networks. We also have nine researcher reports about vulnerabilities in products from Daikin, HP Wolf, Tesla (6), and SonicWall.
Advisories
Splunk Advisory - Splunk published an advisory that discusses 13+ vulnerabilities (six with publicly available exploits) in their User Behavior Analytics product.
Western Digital Advisory - Western Digital published an advisory that discusses 12 vulnerabilities (six with publicly available exploits) in their My Cloud devices.
Wiesemann Advisory - CERT-VDE published an advisory that describes the use of a broken or risky cryptographic algorithm vulnerability in the Wiesemann and Theis Com-Server products.
Updates
Hitachi Energy Update - Hitachi Energy published an update that provides additional information on their RTU500 series advisory that was originally published on March 25th, 2025.
Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on April 9th, 2025, and most recently updated on April 21st, 2025.
Researcher Reports
Daikin Report - Zero Science published a report that describes an insecure direct object reference vulnerability in the Daikin Security Gateway.
HP Wolf Report - SEC Consult published a report that describes a CSRF vulnerability in the HP Wolf Security Controller, as well as multiple misconfiguration issues.
Tesla Reports - ZDI published six reports about individual vulnerabilities in the Tesla Model S.
SonicWall Report - BishopFox published a report that describes a denial of service vulnerability in the SonicWall Sonic OS product.
For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-d05 - subscription required.