This week we have nine vendor disclosures from Aruba
Networks, GE Gas Power (3), HP, Meinberg, Moxa, Philips, and WatchGuard. We
also have eight vendor updates from Broadcom (2), Eaton, and HPE (5). Finally,
we have five researcher reports for vulnerabilities in products from Insyde (3)
and WellinTech (2).

Advisories

Aruba Advisory – Aruba published an advisory that describes a remote code execution vulnerability in their CX Switches.

GE Advisory #1 – GE published an advisory that discusses unnamed security issues with the Woodward MicroNet Plus 5200 CPU.

GE Advisory #2 – GE published an advisory that describes a deserialization vulnerability in their ToolboxST product.

GE Advisory #3 – GE published an advisory that discusses a buffer underwrite vulnerability in the FortiGuard FortiOS that affects the GE NetworkST4, Remote Operations Offering, and M&D Lockbox and S3C Firewall (60F) products.

HP Advisory – HP published an advisory that discusses 16 time-of-check to time-of-use vulnerabilities in a variety of their products.

Meinberg Advisory – Meinberg published an advisory that discusses eleven vulnerabilities in their LANTIME product.

Moxa Advisory – Moxa published an advisory that discusses two TCG TPM2.0 implementation vulnerabilities.

Philips Advisory – Philips published an advisory that discusses two remote code execution vulnerabilities.

WatchGuard Advisory – WatchGuard published an advisory that discusses an OpenSSH double free vulnerability.

Updates

Broadcom Update #1 – Broadcom published an update for their AMI MegaRAC Baseboard Management Controller that was originally published on December 9th, 2022.

Broadcom Update #2 – Broadcom published an update for their ksmb module in the Linux kernel advisory that was originally published on December 24th, 2022.

Eaton Update – Eaton published an update for their Ripple20 advisory that was originally published on June 23rd, 2020 and most recently updated on November 11th, 2020.

HPE Update #1 – HPE published an update for their ProLiant BL/DL/ML Servers advisory that was originally published on February 14th, 2023.

HPE Update #2 – HPE published an update for their Aruba ClearPass Policy Manager advisory that was originally published on March 15th, 2023.

HPE Update #3 – HPE published an update for their StoreEasy Servers advisory that was originally published on February 14th, 2023.

HPE Update #4 – HPE published an update for their Synergy Servers advisory that was originally published on February 14th, 2023.

HPE Update #5 – HPE published an update for their ProLiant DX Servers advisory that was originally published on February 14th, 2023.

Researcher Reports

Insyde Reports – BINARLY published three reports about vulnerabilities in the InsydeH2O products.

WellinTech Reports – Cisco Talos published two reports about vulnerabilities in the WellinTech KingHistorian.

 

For more details about these disclosures, including links to researcher reports, 3rd party advisories, and exploits, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-434 – subscription required.

Author Of this post: PJCoyle
