We have a moderately busy disclosure week. For Part 1 we have 10 vendor disclosures from Beckhoff, Belden, B&R Automation (2), Carrier, Fujitsu, Hitachi, and HPE (3).
Advisories
Beckhoff Advisory - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in their TwinCAT 3 HMI Server.
Belden Advisory - Belden published an advisory that discusses an improper handling of length parameter inconsistency vulnerability (that is listed in CISA’s KEV catalog) in their Connectivity Suite product.
B&R Advisory #1 - B&R published an advisory that describes an allocation of resources without limit or throttling vulnerability in their Automation Runtime products.
B&R Advisory #2 - B&R published an advisory that describes an improper certificate validation vulnerability in their Automation Studio product.
Carrier Advisory - Carrier published an advisory that describes a storing passwords in a recoverable format vulnerability in their Automated Logic WebCTRL and Carrier i-Vu products.
Fujitsu Advisory - CERT-JP published an advisory that describes an uncontrolled search path element vulnerability in the Fujitsu ServerView Agents for Windows.
Hitachi Advisory - Hitachi published an advisory that discusses 28 vulnerabilities in their Disk Array systems.
HPE Advisory #1 - HPE published an advisory that discusses 19 vulnerabilities (4 with publicly available exploits, 1 listed in KEV catalog) in their Telco Universal SLA Management product.
HPE Advisory #2 - HPE published an advisory that discusses an out-of-bounds write vulnerability in their Telco IP product (ONMS Adapter).
HPE Advisory #3 - HPE published an advisory that describes a privilege escalation vulnerability in multiple HPE products utilizing the Alletra OS.