This has been a relatively busy disclosure week. For Part 1 we have 14 vendor disclosures from B&R (2), FortiGuard (2), Hitachi (2), HP (3), HPE (4), and Mitsubishi.
Advisories
B&R Advisory #1 - B&R published an advisory that discusses five vulnerabilities (four with publicly available exploits) in multiple Linux-based B&R products.
B&R Advisory #2 - B&R published an advisory that discusses a race condition within a thread vulnerability in multiple B&R products.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes an internal asset exposed to unsafe debug access level or state vulnerability in their FortiOS and FortiProxy products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiSandbox product.
Hitachi Advisory #1 - Hitachi published an advisory that describes an iSCSI port vulnerability in multiple Hitachi products.
Hitachi Advisory #2 - Hitachi published an advisory that discusses an improper neutralization of escape, meta or control sequences vulnerability in their Cosminexus HTTP Server and Hitachi Web Server.
HP Advisory #1 - HP published an advisory that discusses nine vulnerabilities in multiple HP product lines.
HP Advisory #2 - HP published an advisory that discusses an improper isolation of shared resources on system-on-a-chip vulnerability in multiple HP product lines.
HP Advisory #3 - HP published an advisory that discusses an improper handling of insufficient entropy in TRNG vulnerability in multiple HP product lines.
HPE Advisory #1 - HPE published an advisory that discusses an improper access control for register interface vulnerability in their ProLiant AMD Servers.
HPE Advisory #2 - HPE published an advisory that discusses a race condition vulnerability in their RL300 Server.
HPE Advisory #3 - HPE published an advisory that discusses the FunkyChunks vulnerability. HPE provides a list of affected products.
HPE Advisory #4 - HPE published an advisory that discusses a heap-based buffer overflow vulnerability in their Aruba Networking Products.
Mitsubishi Advisory - Mitsubishi published an advisory that describes a use of hard-coded credentials vulnerability in multiple home appliance products.
For more information on these disclosures, including links to third-party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-6-6-26-part - subscription required.