This is a moderately busy disclosure week. For Part 1 we have nine vendor disclosures from CODESYS (3), Endress+Hauser, Helmholz, HP, Mettler Toledo, Moxa, and Phoenix Contact.
Advisories
CODESYS Advisory #1 - CODESYS published an advisory that describes an improper check for unusual or exception conditions vulnerability in their EtherNetIP product.
CODESYS Advisory #2 - CODESYS published an advisory that describes the use of an externally controlled format string vulnerability in their Control V3 product.
CODESYS Advisory #3 - CODESYS published an advisory that describes an incorrect resource transfer between spheres vulnerability in their Control V3 product.
Endress+Hauser Advisory - CERT-VDE published an advisory that discusses an inclusion of functionality from untrusted control sphere vulnerability (with publicly available exploits and listed in CISA’s KEV catalog) in the Endress+Hauser MCS200HW emission analyzer.
Helmholz Advisory - CERT-VDE published an advisory that discusses an exposure of sensitive information to an unauthorized actor vulnerability (with publicly available exploits) in the Helmholz WALL IE Standard 4-Port product.
HP Advisory - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.
Mettler Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in the Mettler MR and MX balances.
Moxa Advisory - Moxa published an advisory that discusses an origin validation error vulnerability in their Ethernet switches.
Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses two vulnerabilities (one with publicly available exploits) in multiple Phoenix Contact product lines.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-943 - subscription required.