This week we have nine vendor disclosures from Aruba
Networks, GE Gas Power (3), HP, Meinberg, Moxa, Philips, and WatchGuard. We
also have eight vendor updates from Broadcom (2), Eaton, and HPE (5). Finally,
we have five researcher reports for vulnerabilities in products from Insyde (3)
and WellinTech (2).
Advisories
Aruba Advisory – Aruba published an
advisory that describes a remote code execution vulnerability in their CX
Switches.
GE Advisory #1 – GE published an
advisory that discusses unnamed security issues with the Woodward MicroNet
Plus 5200 CPU.
GE Advisory #2 – GE published an
advisory that describes a deserialization vulnerability in their ToolboxST
product.
GE Advisory #3 – GE published an
advisory that discusses a buffer underwrite
vulnerability in the FortiGuard FortiOS that affects the GE NetworkST4,
Remote Operations Offering, and M&D Lockbox and S3C Firewall (60F)
products.
HP Advisory – HP published an
advisory that discusses 16 time-of-check to time-of-use vulnerability in a
variety of their products.
Meinberg Advisory – Meinberg published an
advisory that discusses eleven vulnerabilities in their LANTIME product.
Moxa Advisory – Moxa published an
advisory that discusses two TCG
TPM2.0 implementation vulnerabilities.
Philips Advisory – Philips published an advisory
that discusses two remote code execution vulnerabilities.
WatchGuard Advisory – WatchGuard published an
advisory that discusses an OpenSSH
double free vulnerability.
Updates
Broadcom Update #1 – Broadcom published an
update for their AMI MegaRAC Baseboard Management Controller that was originally
published on December 9th, 2022.
Broadcom Update #2 – Broadcom published an
update for their ksmb module in the Linux kernel advisory that was originally
published on December 24th, 2022.
Eaton Update – Eaton published an
update for their Ripple20 advisory
that was originally
published on June 23rd, 2020 and most
recently updated on November 11th, 2020.
HPE Update #1 – HPE published an
update for their ProLiant BL/DL/ML Servers advisory that was originally
published on February 14th, 2023.
HPE Update #2 – HPE published an
update for their Aruba ClearPass Policy Manager advisory that was originally
published on March 15th, 2023.
HPE Update #3 – HPE published an
update for their StoreEasy Servers advisory that was originally
published on February 14th, 2023.
HPE Update #4 – HPE published an
update for their Synergy Servers advisory that was originally
published on February 14th, 2023.
HPE Update #5 – HPE published an
update for their Proliant DX Servers advisory that was originally
published on February 14th, 2023.
Researcher Reports
Insyde Reports – BINARLY published
three reports about vulnerabilities in the InsydeH2O products.
WellinTech Reports – Cisco Talos published
two reports about vulnerabilities in the WellinTech KingHistorian.
For more details about these disclosures, including links to
researcher reports, 3rd party advisories, and exploits, see my article
at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-434
– subscription required.
Go to Source of this post
Author Of this post: PJCoyle