Sunday, June 21, 2026

Review - Public ICS Disclosures – Week of 6-13-26 – Part 2

For Part 2 we have 11 additional vendor disclosures from Ingecon, Moxa (3), NI, Splunk (2), ThingsBoard, TP-Link, Turck, and Zyxel. Part 3 is coming tomorrow. 

Advisories  

Ingecon Advisory - INCIBE-CERT published an advisory that describes a use of broken or risky cryptographic algorithm vulnerability in the Ingecon EMS Board. 

Moxa Advisory #1 - Moxa published an advisory that describes a missing authentication vulnerability in their Serial Device Servers. 

Moxa Advisory #2 - Moxa published an advisory that describes two vulnerabilities in their Serial Device Servers. The vulnerabilities were reported by Remi ONNO of CS GROUP. 

Moxa Advisory #3 - Moxa published an advisory that describes an improper validation of specified type of input vulnerability in their Serial Device Servers. 

NI Advisory - NI published an advisory that describes seven vulnerabilities in their gRPC Device Server. 

Splunk Advisory #1 - Splunk published an advisory that describes an OS command injection vulnerability in their AI Toolkit. 

Splunk Advisory #2 - Splunk published an advisory that describes an OS command injection vulnerability in their AI Toolkit. 

ThingsBoard Advisory - JP-CERT published an advisory that describes a prototype pollution vulnerability in the ThingsBoard open-source IoT platform. 

TP-Link Advisory - TP-Link published an advisory that describes two OS command injection vulnerabilities in their TL-WR940N wireless router. 

Turck Advisory - CERT-VDE published an advisory that discusses two vulnerabilities (one with a publicly available exploit) in Turck Managed Ethernet Switches. 

Zyxel Advisory - Zyxel published an advisory that describes a stack-based buffer overflow vulnerability in their GS1900 series switches. 


For more information on these disclosures, see my article at CFSN Detailed Analysis (subscription required).
