Saturday, May 9, 2026

Review – Public ICS Disclosures – Week of 5-2-26 – Part 1

This has been a somewhat busy disclosure week. For Part 1, we have nine vendor disclosures from ABB, Arista (2), Cisco, ifm, Johnson Controls, Palo Alto Networks, Philips, and QNAP. 

Advisories  

ABB Advisory - ABB published an advisory that explains that their System 800xA product comes bundled with Microsoft Edge, but that ABB has not updated the software to include Edge updates. 

Arista Advisory #1 - Arista published an advisory that discusses the Dirty Frag vulnerabilities. 

Arista Advisory #2 - Arista published an advisory that describes an incomplete comparison with missing factors vulnerability in Arista EOS. 

Cisco Advisory - Cisco published an advisory that describes three vulnerabilities in their IoT Field Network Director. 

ifm Advisory - CERT-VDE published an advisory that discusses three vulnerabilities in the ifm CR3171 ethernet LTE/GNSS radio modem. 

Johnson Controls Advisory - Johnson Controls published an advisory that discusses an improper access control vulnerability in their Airwall 75 gateway. 

Palo Alto Networks Advisory - PAN published an advisory that describes an out-of-bounds write vulnerability (that is listed in the CISA Known Exploited Vulnerabilities catalog) in their PAN-OS product. 

Philips Advisory - Philips published an advisory that discusses the CopyFail vulnerability. 

QNAP Advisory - QNAP published an advisory that discusses the CopyFail vulnerability. QNAP provides lists of affected and unaffected products. 


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-c51 - subscription required. 
