This has been a fairly busy disclosure week, which will require two parts to list completely. For Part 1 we have seventeen vendor disclosures from ABB, CONTEC, Fuji Electric (2), HPE (2), Meinberg, Open Automation, QNAP (2), VMware (2), Western Digital, Xylem (3), and Yokogawa.
ABB Advisory – ABB published an advisory that describes two vulnerabilities in their e-Design product.
CONTEC Advisory – JP CERT published an advisory that describes an OS command injection vulnerability (with a publicly available exploit) in the CONTEC SolarView Compact.
Fuji Advisory #1 – JP CERT published an advisory that describes five vulnerabilities in the Fuji V-SFT product.
Fuji Advisory #2 – JP CERT published an advisory that describes three vulnerabilities in the Fuji V-SFT, V-Server and V-Server Lite products.
HPE Advisory #1 – HPE published an advisory that describes an escalation of privilege vulnerability in their Version Control Repository Manager Installer.
NOTE: This is going to be an interesting third-party vulnerability. The researcher report is well worth reading.
Meinberg Advisory – Meinberg published an advisory that discusses two vulnerabilities (one with a publicly available exploit) in their LANTIME Firmware.
Open Automation Advisory – Incibe CERT published an advisory that describes eight vulnerabilities in the Open Automation Software OAS Platform.
QNAP Advisory #1 – QNAP published an advisory that describes a cross-site request forgery vulnerability in their NAS running Proxy Server.
QNAP Advisory #2 – QNAP published an