Saturday, April 4, 2026

Review – Public ICS Disclosures – Week of 3-28-26 – Part 1

This week is a relatively busy disclosure week. We have 15 vendor disclosures from ABB, Baade, Belden, Fuji Electric, Endress+Hauser, Dassault (3), HP (2), HPE, MB Connect (2), Philips, and TP-Link. 

 

Advisories  

 

ABB Advisory - ABB published an advisory that discusses 16 vulnerabilities (seven with publicly available exploits) in their System 800xA. 

Baade Advisory - CERT-VDE published an advisory that discusses a heap-based buffer overflow vulnerability in the Baade 1xCOM and 4xCOM products.

Belden Advisory - Belden published an advisory that discusses two out-of-bounds write vulnerabilities in their NetModule Router Software. 

Fuji Advisory - JP-CERT published an advisory that describes five vulnerabilities in the Fuji V-SFT product.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses 16 vulnerabilities in multiple Endress+Hauser products. 

Dassault Advisory #1 - Dassault published an advisory that describes a path traversal vulnerability in their DELMIA Factory Resource Manager.

Dassault Advisory #2 - Dassault published an advisory that describes a cross-site scripting vulnerability in their DELMIA Factory Resource Manager.

Dassault Advisory #3 - Dassault published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator. 

HP Advisory #1 - HP published an advisory that discusses three vulnerabilities in multiple HP workstations. 

HP Advisory #2 - HP published an advisory that discusses the use of an outdated 4th party (Chromium) software package in multiple HP workstations. 

HPE Advisory - HPE published an advisory that discusses an improper input validation vulnerability in their Telco Network Function Virtual Orchestrator. 

MB Connect Advisory #1 - MB Connect published an advisory that describes five vulnerabilities in their mbCONNECT24 and mymbCONNECT24 products.

MB Connect Advisory #2 - MB Connect published an advisory that describes two vulnerabilities in their mbCONNECT24 and mymbCONNECT24 products.

Philips Advisory - Philips published an advisory that discusses the Microsoft Secure Boot certificates issue. 

TP-Link Advisory - TP-Link published an advisory that describes three vulnerabilities in their Tapo C520WS Wi-Fi cameras.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-964 - subscription required. 
