This has been a busy disclosure week. For Part 1, there are 15 vendor disclosures from B&R, CODESYS (3), Dassault Systems (3), D-Link, GE Vernova, Helmholz (2), and Hitachi (4).
Advisories
B&R Advisory - B&R published an advisory that describes an allocation of resources without limit or throttling vulnerability in their PPT30 OPC-UA Server.
CODESYS Advisory #1 - CODESYS published an advisory that describes two incorrect default permissions vulnerabilities in their Development System product.
CODESYS Advisory #2 - CODESYS published an advisory that describes an incorrect authorization vulnerability in their Control runtime system.
CODESYS Advisory #3 - CODESYS published an advisory that describes an improper validation of specified quantity in input vulnerability in their Control Runtime system.
Dassault Advisory #1 - Dassault published an advisory that describes a path traversal vulnerability in their DELMIA Factory Resource Manager.
Dassault Advisory #2 - Dassault published an advisory that describes a stored cross-site scripting vulnerability in their DELMIA Factory Resource Manager.
Dassault Advisory #3 - Dassault published an advisory that describes a stored cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator.
D-Link Advisory - D-Link published an advisory that describes an exposure of sensitive system information to an unauthorized control sphere vulnerability (with publicly available exploit) in their DIR-601 WiFi Routers.
GE Vernova Advisory - GE published an advisory that discusses an incorrect authorization vulnerability in their Threat Intelligence module.
Helmholz Advisory #1 - CERT-VDE published an advisory that discusses two command injection vulnerabilities in the Helmholz REX100, REX200, and REX250 products.
Helmholz Advisory #2 - CERT-VDE published an advisory that discusses 41 SQL injection vulnerabilities in the Helmholz myREX24V2 and myREX24V2.virtual products.
Hitachi Advisory #1 - Hitachi published an advisory that discusses 108 vulnerabilities in their Disk Array systems.
Hitachi Advisory #2 - Hitachi published an advisory that discusses eight vulnerabilities in multiple Hitachi products. These are third-party vulnerabilities.
Hitachi Advisory #3 - Hitachi published an advisory that discusses eight vulnerabilities in their Developer's Kit for Java and Cosminexus Developer's Kit for Java.
Hitachi Advisory #4 - Hitachi published an advisory that describes a missing password field masking vulnerability in their Infrastructure Analytics Advisor, Ops Center Analyzer, and Ops Center Analyzer viewpoint products.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-df7 - subscription required.