This week we have a two-part posting with the 2nd
part being a continued look at the response to the Log4Shell vulnerabilities.
For Part 1, we have five vendor disclosures from Advantech, Bosch, B&R
Industrial Automation, Hitachi Energy, and VMware. We also have an update from
HPE. Finally, there are five researcher reports of vulnerabilities in products
from OpenBMCS.

Advantech Advisory – Incibe-Cert published an advisory describing incorrect default permissions vulnerabilities in four separate Advantech products.

Bosch Advisory – Bosch published an advisory describing two vulnerabilities in their AMC2 (Access Modular Controller).

B&R Advisory – B&R published an advisory describing an RCE through project upload from target vulnerability in their Automation Studio product.

Hitachi Energy Advisory – Hitachi Energy published an advisory describing nine vulnerabilities in their MicroSCADA Pro/X SYS600 Products.

VMware Advisory – VMware published an advisory describing a denial-of-service vulnerability in their VMware Workstation and Horizon Client products.

HPE Update – HPE published an update for their HPE ProLiant and ProLiant Server Blades advisory that was originally published on November 10th, 2021.

OpenBMCS Reports – Zero Science published five reports about vulnerabilities in building management system products from OpenBMCS.

For more details on these disclosures, including links to 3rd-party advisories and exploits, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-8d9 – subscription required.

By admin