
CND News and Blog

New Vulnerabilities Tuesday 19 December

New Alerts for Hitachi Energy and Mozilla. Hitachi Energy: A vulnerability exists in the RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. If the client does not validate the parameters of the certificate, then attackers could spoof the identity of the service. CVSSv3 score...


New Vulnerabilities Monday 18 December

New Alerts for IBM, WatchGuard, Panasonic, and OpenSSH. IBM: IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.4. More info. WatchGuard: BGP software such as FRRouting FRR and Quagga included as part of Fireware OS enables a remote attacker to incorrectly re...


New Vulnerabilities Friday 15 December

New Alerts for Unitronics, Microsoft Edge, HP, Tenable, and Linux. Unitronics: Unitronics Vision Series PLCs and HMIs have been updated to correct the use of default administrative passwords. A remote attacker can take administrative control of the system. CVSSv3 score of 9.8. More info. And here. Microsoft: Microsoft has updated Edge with the ...


New Vulnerabilities Thursday 14 December

Monthly Patches are out for Palo Alto Networks. New Alerts for IBM, Dell, Squid, HPE, NetApp, and Linux. Palo Alto Networks: Palo Alto Monthly Patches include 7 bulletins, 1 rated High and 6 rated Medium. Highest CVSSv3 score of 7.5. More info. IBM: IBM Maximo Application Suite uses gevent, which contains a vulnerability that can be exploit...


New Vulnerabilities Wednesday 13 December

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Atlassian. New Alerts for Bosch and Linux. Microsoft: Microsoft Monthly Patches include 35 new patches: 4 are rated Critical, 30 are rated Important, and 1 is rated Moderate. There are also 5 Chromium vulnerabilities fixed in Edge. Highest CVSSv3 score of 9.6. One vulnerability was pu...


New Vulnerabilities Tuesday 12 December

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Apple (Exploit), Phoenix Contact, and Linux. Monthly Patches for Microsoft and Adobe are expected later today. SAP: SAP Monthly Patches include 15 new bulletins and 2 updates. Of the new bulletins, 2 are rated Hot News, 4 are rated High, 7 are rated Medium, and 2 ar...


New Vulnerabilities Monday 11 December

New Alerts for HashiCorp, JTEKT, Beckhoff, Atos Unify, and NetApp. HashiCorp: Vault and Vault Enterprise are vulnerable to DoS through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. CVSSv3 score of 7.5. More info. JTEKT: Multiple vulnerabilities were found in HMI GC-A2 series...


New Vulnerabilities Friday 08 December

New Alerts for Johnson Controls, Microsoft Edge, and HPE. Johnson Controls: A vulnerability in Metasys and Facility Explorer allows a remote attacker to send invalid authentication credentials to the login endpoint and cause a DoS. CVSSv3 score of 7.5. More info. And here. Microsoft: Microsoft has updated Edge to include the latest Chromium...


New Vulnerabilities Thursday 07 December

New Alerts for Apache Struts, Google Pixel, Dell, and Linux. Apache: A vulnerability in Struts allows a remote attacker to manipulate file upload parameters and enable path traversal. This can lead to uploading a malicious file which can be used to perform RCE. CVSSv3 score of 9.8. More info. Google: Monthly Patches for Google Pixel are out wi...


New Vulnerabilities Wednesday 06 December

New Alerts for Atlassian, IBM, FreeBSD, Google Chrome, and Linux. Atlassian: Atlassian has published several bulletins covering RCE vulnerabilities in Confluence Data Center and Server, Companion App for macOS, Assets Discovery, and products with the SnakeYAML library. Highest CVSSv3 score of 9.8. More info. IBM: Multiple vulnerabilities in R...

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

A collection of 21 security flaws has been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according

Scaling Security Operations with Automation

In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate these challenges by streamlining repetitive tasks, reducing the risk of human error, and allowing them to focus on higher-value initiatives.

While automation offers significant benefits, there is no foolproof method or process to guarantee success. Clear definitions, consistent implementation, and standardized processes are crucial for optimal results. Without guidelines, manual and time-consuming methods can undermine the effectiveness of automation.

This blog explores the challenges faced by security operations teams when implementing automation and the practical steps needed to build a strong foundation for successful implementation.

The Automation Challenge

Organizations often struggle with automation due to a lack of well-documented processes and limited resources. With constant alerts and fires to put out, security teams are often spread thin, and only have time to focus on the task in front of them. This leaves them little to no time for proper documentation of processes and procedures. This, along with other factors such as maturity and process monitorability, contributes to the challenges security teams face when implementing automation. Successful automation requires a pragmatic approach, where teams identify and prioritize processes that are feasible and provide the greatest impact on efficiency and risk reduction.


New Vulnerabilities Tuesday 05 December

Monthly Patches are out for Google Android and Samsung. New Alerts for Pilz, Wago, CODESYS, Dell, Ivanti, and Linux. Google: Google Android patches are out with 34 vulnerabilities along with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm patches. Of the Android patches, 4 are rated Critical and 30 are rated High. More info. Samsu...


New Vulnerabilities Monday 04 December

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Squid, Samsung, Dell, Peplink, and Linux. Squid: Several vulnerabilities in Squid allow a DoS attack by a remote attacker. CVSSv3 score of 8.6. More info. And here. And here. Samsung: There are several vulnerabilities in Exynos products that could allow Information Disclosure...


New Vulnerabilities Friday 01 December

New Alerts for VMware, PTC, Yokogawa, Apple (Exploit), IBM, NetApp, and Linux. VMware: VMware Cloud Director Appliance contains an authentication bypass vulnerability in the case where VMware Cloud Director Appliance was upgraded to 10.5 from an older version. CVSSv3 score of 9.8. More info. PTC: PTC Kepware products are affected by vulnera...


New Vulnerabilities Thursday 30 November

New Alerts for Tenable, Medtronic, Microsoft Edge, and Zyxel. Tenable: Nessus Network Monitor has been updated to correct vulnerabilities in third-party software including HandlebarsJS, OpenSSL, and jquery-file-upload. Highest CVSSv3 score of 9.8. More info. Medtronic: Mainspring Data Express and Vital Sync Virtual Patient Monitoring Platfo...


New Vulnerabilities Wednesday 29 November

New Alerts for Delta Electronics, Google Chrome, Sierra Wireless, IBM, Dell, and Linux. Delta Electronics: InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute ar...


New Vulnerabilities Tuesday 28 November

New Alerts for Zyxel, Festo, F5, NETGEAR, Hitachi Energy, Xerox, Apache Tomcat, and Linux. Zyxel: Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5. More info. Festo: Festo products use WIBU CodeMeter Runtime. A remote attacker exploitin...


New Vulnerabilities Monday 27 November

New Alerts for HPE, Arcserve, and Control iD (0-Day). HPE: Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8. More info. Arcserve: Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID. More inf...


New Vulnerabilities Friday 24 November

New Alerts for Philips, Hikvision, NetApp, and Linux. Philips: IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8. No patches yet. More info. Hikvision: Hikvision products have been affected by an authentication bypass vulnerab...

