For Part 2 we have 15 additional vendor disclosures from Palo Alto Networks (6), Phoenix Contact, Schneider Electric (4), Siemens (2), Supermicro, and Western Digital. There are bulk updates from Siemens (23). We have 12 additional vendor updates from FortiGuard, HP (5), HPE, and Schneider (5). There are five researcher reports for vulnerabilities in products from Schneider (5). Finally, we have two exploits for products from Snort and VMware.
Advisories
Palo Alto Networks Advisory #1 - PAN published an advisory that discusses six vulnerabilities in their Prisma Access Browser.
Palo Alto Networks Advisory #2 - PAN published an advisory that describes a deserialization of untrusted data vulnerability in their Checkov by Prisma Cloud product.
Palo Alto Networks Advisory #3 - PAN published an advisory that describes a cleartext exposure of sensitive information vulnerability in their Checkov by Prisma Cloud.
Palo Alto Networks Advisory #4 - PAN published an advisory that describes a cleartext storage of sensitive information vulnerability in multiple PAN products.
Palo Alto Networks Advisory #5 - PAN published an advisory that describes an improper certificate validation vulnerability in their GlobalProtect App.
Palo Alto Networks Advisory #6 - PAN published an advisory that describes a use of default credentials vulnerability in their Cortex XDR Broker VM.
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes a missing authentication for critical function vulnerability in their Device and Update Management service.
Schneider Advisory #1 - Schneider published an advisory that describes an improper privilege management vulnerability in their Saitel DR & Saitel DP RTU products.
Schneider Advisory #2 - Schneider published an advisory that describes a link following vulnerability in their Software Update (SESU) product.
Schneider Advisory #3 - Schneider published an advisory that describes two vulnerabilities in their EcoStruxure Building Operation products.
Schneider Advisory #4 - Schneider published an advisory that describes an improper input validation vulnerability in multiple Schneider products.
Siemens Advisory #1 - Siemens published an advisory that describes an improper verification of cryptographic signature vulnerability in their Mendix SAML products.
Siemens Advisory #2 - Siemens published an advisory that describes a least privilege violation in multiple Siemens products.
Supermicro Advisory - Supermicro published an advisory that discusses two vulnerabilities in multiple Supermicro products.
Western Digital Advisory - Western Digital published an advisory that describes a Windows registration vulnerability in their Kitfox Software for Windows.
Bulk Updates
Siemens published 23 updates.
Updates
FortiGuard Update - FortiGuard published an update for their OpenSSH advisory that was originally published on March 11th, 2025, and most recently updated on May 13th, 2025. The new information includes updating version and SoftPaq information for Business Desktops.
HP Update #1 - FortiGuard published an update for their OpenSSH advisory that was originally published on March 11th, 2025, and most recently updated on May 13th, 2025.
HP Update #2 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on March 31st, 2025.
HP Update #3 - HP published an update for their AMD SMM Vulnerabilities advisory that was originally published on May 7th, 2025.
HP Update #4 - HP published an update for their AMD Client Processors advisory that was originally published on February 11th, 2025.
HP Update #5 - HP published an update for their Intel Graphics Software advisory that was originally published on February 11th, 2025.
HPE Update #1 - HPE published an update for their Private Cloud AI advisory that was originally published on August 8th, 2025.
HPE Update #2 - HPE published an update for their SANnav Management Portal advisory that was originally published on July 8th, 2025.
Schneider Update #1 - Schneider published an update for their BadAlloc advisory that was originally published on November 9th, 2021, and most recently updated on April 8th, 2025.
Schneider Update #2 - Schneider published an update for their CODESYS Runtime advisory that was originally published on July 11th, 2023, and most recently updated on June 11th, 2024.
Schneider Update #3 - Schneider published an update for their Web Server on Modicon M340 advisory that was originally published on January 14th, 2025.
Schneider Update #4 - Schneider published an update for their Wind River VxWorks DHCP server advisory that was originally published on January 14th, 2025, and most recently updated on April 8th, 2025.
Schneider Update #5 - Schneider published an update for their Modicon M340 advisory that was originally published on June 11th, 2024.
Researcher Reports
Schneider Reports - ZDI published five reports of individual vulnerabilities in the Schneider EcoStruxure Power Monitoring Expert.
Exploits
Snort Exploit - Rapid7 published a Metasploit module for an OS command injection vulnerability in the Snort Report product.
VMware Exploit - Imraan Khan published an exploit for a cross-site scripting vulnerability in the VMware vSphere Client.