This is a relatively busy disclosure week, the week of Cyber Tuesday. We have 43 bulk vendor disclosures from FortiGuard (6), Hitachi (8), HP (8), HPE (14), and QNAP (7). We also have 10 bulk updates from Siemens. There are also seven other vendor disclosures from Bosch, Meinberg, Phoenix Contact, Schneider (2), and Siemens (2).
Bulk Disclosures – FortiGuard
• Firewall policy bypass in FSSO Terminal Services Agent,
• Format String Vulnerability in CAPWAP fast-failover mode,
• LDAP authentication bypass in Agentless VPN and FSSO,
• Request smuggling attack in FortiOS GUI,
• SSL-VPN Symlink Persistence Patch Bypass, and
Bulk Disclosures – Hitachi
• Multiple Vulnerabilities in Cosminexus HTTP Server,
• Vulnerability in Cosminexus HTTP Server,
• Vulnerability in Cosminexus HTTP Server and Hitachi Web Server,
• Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server,
• Multiple Vulnerabilities in Cosminexus,
• Multiple Vulnerabilities in JP1,
• Multiple Vulnerabilities in Hitachi Command Suite products.
Bulk Disclosures – HP
• HP App – Potential Cross-Site Scripting,
• AMD Graphics Driver February 2026 Security Update,
• AMD Processors February 2026 Security Update,
• Certain HP OfficeJet Pro Printers – Denial of Service,
• Intel Chipset Firmware February 2026 Security Update,
• Intel Processor Firmware February 2026 Security Update,
• Certain HP OfficeJet Pro Printers – Information Disclosure, and
• Intel Graphics Software February 2026 Security Update.
Bulk Disclosures – HPE
• HPE Aruba Networking EdgeConnect SD-WAN Orchestrator, Multiple Vulnerabilities,
• Multiple Vulnerabilities in HPE Aruba Networking Private 5G Core.
Bulk Disclosures – QNAP
• Multiple Vulnerabilities in Media Streaming add-on,
• Multiple Vulnerabilities in Qsync Central,
• Multiple Vulnerabilities in File Station 5,
• Multiple Vulnerabilities in QTS and QuTS hero,
• Multiple Vulnerabilities in QuTS hero, and
Bulk Updates – Siemens
• Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1,
• Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2,
• Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices,
• Denial-of-Service Vulnerability in ET 200 Devices,
• Multiple Vulnerabilities in SiPass integrated,
• Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices,
• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery,
• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1,
• Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs, and
Advisories
Bosch Advisory - Bosch published an advisory that describes four deserialization of untrusted data vulnerabilities in their Rexroth IndraWorks product.
Meinberg Advisory - Meinberg published an advisory that discusses 21 vulnerabilities in their LANTIME product.
Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses an improperly controlled sequential memory allocation vulnerability in their mGuard products.
Schneider Advisory #1 - Schneider published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their SCADAPack and Remote Connect products.
Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their EcoStruxure™ Building Operation Workstation and EcoStruxure™ Building Operation Webstation products.
Siemens Advisory #1 - Siemens published an advisory that describes six vulnerabilities in their Simcenter Femap and Nastran products.
Siemens Advisory #2 - Siemens published a bulletin that describes an absence of anti-tamper protections and modern exploit mitigation controls in the SIPORT Desktop Client Application.
For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-fdd - subscription required.