This is a moderately busy disclosure week. We have bulk disclosures from Wireshark (43). We have 8 additional vendor disclosures from Arista, Dassault Systems (3), Hitachi Energy, HP, and HPE (2).
Bulk Vendor Disclosures – Wireshark
Wireshark published 43 advisories for individual vulnerabilities in various components. All 43 vulnerabilities were fixed by the same two new versions.
Advisories
Arista Advisory - Arista published an advisory that discusses the CopyFail vulnerability.
Dassault Advisory #1 - Dassault published an advisory that describes a path traversal vulnerability in their Factory Resource Management in DELMIA Factory Resource Manager.
Dassault Advisory #2 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Factory Resource Management in DELMIA Factory Resource Manager.
Dassault Advisory #3 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Document Management in ENOVIA Collaborative Industry Innovator,
Hitachi Energy - Hitachi Energy published an advisory that discusses a path traversal vulnerability in their legacy PMC600 products.
HP Advisory - HP published an advisory that discusses an improper input validation vulnerability in their Notebook PCs and Desktop PCs product lines.
HPE Advisory #1 - HPE published an advisory that discusses four vulnerabilities (one with publicly available exploit) in their Telco Service Activator.
HPE Advisory #2 - HPE published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their Telco Service Orchestrator Software.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-c90 - subscription required.
Posts
No comments:
Post a Comment