This week we have nineteen vendor disclosures from Aruba, Broadcom,
Carlo Gavazzi Controls, GE Healthcare, HPE (7), Insyde (3), Mitsubishi (2), PulseSecure,
and ZGR (2). There is also an update from Mitsubishi. Finally, we have six researcher
reports for products from Advantech and GE (5).

Aruba Advisory – Aruba published an
advisory
that describes 13 vulnerabilities in their Aruba Access Points
products.

Broadcom Advisory – Broadcom published an
advisory
that discusses an infinite loop vulnerability in their Brocade
Fabric OS and Brocade Active Support Connectivity Gateway products.

Carlo Gavazzi Advisory – VDE-CERT published an
advisory describing eleven vulnerabilities in the Carlo Gavazzi CPY Car Park
Server and UWP 3.0 Monitoring Gateway and Controller.

GE Healthcare Advisory – GE published an advisory
discussing malware persistence in VMware ESXi Hypervisors (reported by VMware).

HPE Advisory #1 – HPE published an
advisory
that discusses an insufficient control flow management
vulnerability in their Intel 500 and 700 Series Ethernet Controllers.

HPE Advisory #2 – HPE published an
advisory
that discusses eleven vulnerabilities in their NonStop Products.
These are third-party (Intel)
vulnerabilities.

HPE Advisory #3 – HPE published an
advisory
that describes an open redirect vulnerability in their OneView
Global Dashboard.

HPE Advisory #4 – HPE published an
advisory
that describes three vulnerabilities in their HP-UX product. These
are third-party (OpenSSL) vulnerabilities.

HPE Advisory #5 – HPE published an
advisory
that describes an unauthorized data modification vulnerability in
their Nimble Storage Arrays.

HPE Advisory #6 – HPE published an
advisory
that describes a disclosure of sensitive information vulnerability
in their Nimble Storage Arrays.

HPE Advisory #7 – HPE published an
advisory
that describes a disclosure of sensitive information vulnerability
in their Nimble Storage Arrays.

Insyde Advisory #1 – Insyde published an advisory that discusses
an observable discrepancy vulnerability in their InsydeH2O product.

Insyde Advisory #2 – Insyde published an advisory that discusses
three vulnerabilities in their InsydeH2O product.

Insyde Advisory #3 – Insyde published an advisory that discusses
an out-of-bounds read vulnerability in their InsydeH2O product.

Mitsubishi Advisory #1 – Mitsubishi published an
advisory
that describes an information disclosure vulnerability in multiple
consumer electronics products.

Mitsubishi Advisory #2 – Mitsubishi published an
advisory
that describes two vulnerabilities in multiple consumer
electronics products.

PulseSecure Advisory – PulseSecure published an
advisory
that describes an HTTP request smuggling vulnerability in their Pulse
Connect Secure.

ZGR Advisory – Incibe-CERT published an
advisory
that describes four vulnerabilities in the ZGR TPS200 NG modular
rectifier.

Mitsubishi Update – Mitsubishi published an
update
for their GENESIS64™ and MC Works64 advisory that was originally
published on July 19th, 2022 and most recently updated on August 30th, 2022.

Advantech Report – Tenable published a report that describes
an SQL injection vulnerability in the Advantech iView webserver.

GE Report #1 – ZDI published a report
that describes an uninitialized pointer vulnerability in the GE CIMPLICITY
product.

GE Report #2 – ZDI published a report
that describes a heap-based buffer overflow vulnerability in the GE CIMPLICITY
product.

GE Report #3 – ZDI published a report
that describes an uninitialized pointer vulnerability in the GE CIMPLICITY
product.

GE Report #4 – ZDI published a report
that describes a pointer dereference vulnerability in the GE CIMPLICITY
product.

GE Report #5 – ZDI published a report
that describes an out-of-bounds write vulnerability in the GE CIMPLICITY
product.

For more details about these disclosures, including links to
third-party advisories and researcher reports, see https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-9-24
(subscription required).

By admin