This week we have a two-part posting with the 2nd
part being a continued look at the response to the Log4Shell vulnerabilities.
For Part 1, we have five vendor disclosures from Advantech, Bosch, B&R
Industrial Automation, Hitachi Energy, and VMware. We also have an update from
HPE. Finally, there are five researcher reports of vulnerabilities in products
from OpenBMCS.

Advantech Advisory – Incibe-Cert published an advisory
describing incorrect default permissions vulnerabilities in four
separate Advantech products.

Bosch Advisory – Bosch published an advisory
describing two vulnerabilities in their AMC2 (Access Modular

B&R Advisory – B&R published an advisory
describing an RCE through project upload from target vulnerability in
their Automation Studio product.

Hitachi Energy Advisory – Hitachi Energy published an advisory
describing nine vulnerabilities in their MicroSCADA Pro/X SYS600

VMware Advisory – VMware published an advisory
describing a denial-of-service vulnerability in their VMware
Workstation and Horizon Client products.

HPE Update – HPE published an update for
their HPE ProLiant and ProLiant Server Blades advisory that was originally
published on November 10th, 2021.

OpenBMCS Reports – Zero Science published five reports
about vulnerabilities in building management system products from OpenBMCS.


For more details on these disclosures, including links to
3rd party advisories and exploits, see my article at CFSN Detailed Analysis –
– subscription required.

By admin