This week we have a relatively light disclosure week with 11 vendor disclosures from Dell (5), Delta Electronics, Honeywell, HP (2), RT Labs, and Wiesemann & Theis. We also have 10 vendor updates from FortiGuard (6), HPE, Moxa, and Omron (2). Finally, we have three researcher reports for vulnerabilities in products from Kunbus, and libplctags (2).
Advisories
Dell Advisory #1 - Dell published an advisory that discusses 41 vulnerabilities in their Dell Networking OS10 product.
Dell Advisory #2 - Dell published an advisory that describes a use of hard-coded credentials vulnerability in their Dell Networking OS10 product.
Dell Advisory #3 - Dell published an advisory that discusses three vulnerabilities in their EMC Networking OS10 product.
Dell Advisory #4 - Dell published an advisory that discusses eleven vulnerabilities (three with publicly available exploits) in their Dell Wyse Management Suite product.
Dell Advisory #5 - Dell published an advisory that describes an OS command injection vulnerability in their Dell Networking OS10 product.
Delta Advisory - Delta published an advisory that describes four out-of-bounds write vulnerabilities in their CNCSoft product.
Honeywell Advisory - Honeywell published an advisory that describes an OS command injection vulnerability in the MB-Secure and MB-Secure PRO building security manager.
HP Advisory #1 - HP published an advisory that discusses an integer overflow or wrap around vulnerability (with a publicly available exploit) in their HP Universal Scan.
HP Advisory #2 - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.
RT Labs Advisory - RT Labs published an advisory that describes 10 vulnerabilities in their P-Net Profinet stack.
Wiesemann Advisory - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in multiple Wiesemann & Theis products.
Updates
FortiGuard Update #1 - FortiGuard published an update for their ipsec ike advisory that was originally published on January 14th, 2025, and most recently updated on April 11th, 2025.
FortiGuard Update #2 - FortiGuard published an update for their cross-site scripting advisory that was originally published on February 11th, 2025.
FortiGuard Update #3 - FortiGuard published an update for their OS command injection advisory that was originally published on January 14th, 2025.
FortiGuard Update #4 - FortiGuard published an update for their vm download feature advisory that was originally published on March 11th, 2025.
FortiGuard Update #5 - FortiGuard published an update for their execute sensitive operations advisory that was originally published on May 14th, 2024.
FortiGuard Update #6 - FortiGuard published an update for their device del feature advisory that was originally published on March 11th, 2025.
HPE Update - HPE published an update for their ProLiant DL/XL Servers advisory that was originally published on March 10th, 2025.
Moxa Update - Moxa published an update for their command injection advisory that was originally published on April 2nd, 2025.
Omron Update #1 - Omron published an update for their NJ/NX-series Machine advisory that was originally published on January 14th, 2025.
Omron Update #2 - Omron published an update for their CX-Programmer advisory that was originally published on April 22nd, 2025.
Researcher Reports
Kunbus Report - Pen Test Partners published a report that describes four vulnerabilities in the Kunbus Revolution Pi industrial PLCs.
libplctags Report - Nozomi Networks published two reports that describe individual vulnerabilities in the libplctags library.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-ebb - subscription required.