For Part 2 we have five additional vendor disclosures from Fuji Electric, OpenPLC, Philips (2) and Wireshark. There is a vendor update from HPE. We have six researcher reports for vulnerabilities in products from OpenPLC (2) and Planet (4). Finally, we have three exploits for products from FortiGuard (2) and MotionEye.
Advisories
Fuji Advisory - JP-CERT published an advisory that describes nine vulnerabilities in the Fuji V-SFT screen configuration software.
OpenPLC Advisory - OpenPLC published an advisory that describes an improper input validation vulnerability.
Philips Advisory #1 - Philips published an advisory that discusses the Oracle server side request forgery vulnerability.
Philips Advisory #2 - Philips published an advisory that discusses three Cisco vulnerabilities.
Wireshark Advisory - Wireshark published an advisory that describes an infinite loop vulnerability in their MONGO dissector.
Updates
HPE Update - HPE published an update for their Aruba EdgeConnect SD-WAN Gateways advisory that was originally published on September 16th, 2025.
Researcher Reports
OpenPLC Report - Cisco Talos published a report that describes a missing release of file descriptor or handle after the effective lifetime vulnerability in OpenPLC v3.
Planet Reports - Cisco Talos published four reports for nine vulnerabilities in the Planet WGR-500 industrial router.
Exploits
FortiGuard Exploit #1 - Milad Karimi published an exploit for an SQL injection vulnerability {which is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog} in the FortiWeb Fabric Connector. The vulnerability was previously disclosed by FortiGuard.
FortiGuard Exploit #2 - Kityzed2003 published an exploit for an SQL injection vulnerability (which is listed in CISA’s KEV catalog) in the FortiWeb product.
MotionEye Exploit - Maksim Rogov published a Metasploit module for an improper encoding or escaping from object vulnerability in MotionEye.