This week we have a two-part posting, with the second
part being a continued look at the response to the Log4Shell vulnerabilities.
For Part 1, we have five vendor disclosures from Advantech, Bosch, B&R
Industrial Automation, Hitachi Energy, and VMware. We also have an update from
HPE. Finally, there are five researcher reports of vulnerabilities in products

Advantech Advisory – Incibe-Cert published an
advisory describing incorrect default permissions vulnerabilities in four
separate Advantech products.

Bosch Advisory – Bosch published an
advisory describing two vulnerabilities in their AMC2 (Access Modular

B&R Advisory – B&R published an
advisory describing an RCE through project upload from target vulnerability in
their Automation Studio product.

Hitachi Energy Advisory – Hitachi Energy published an
advisory describing nine vulnerabilities in their MicroSCADA Pro/X SYS600

VMware Advisory – VMware published an
advisory describing a denial-of-service vulnerability in their VMware
Workstation and Horizon Client products.

OpenBMCS Reports – Zero Science published five reports
about vulnerabilities in building management system products from OpenBMCS.

For more details on these disclosures, including links to
third-party advisories and exploits, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-8d9
– subscription required.