CND News and Blog

New Alerts for APSystems, HPE, F5, Mozilla, GitLab, ZKTeco, and Linux. APSystems  OS command injection affects Altenergy Power Control software via shell metacharacters in the timezone parameter. CVSSv3 score of 9.8No response from vendor.More info. HPE  Potential security vulnerabilities has been identified in HPE Fabric OS. These vulner...

New Alerts for Omron, IBM, Hitachi, NetApp, and Linux. Omron  Vulnerabilities related to NicheStack TCP/IP stack exist in the EtherNet/IPTM option board for Multi-function Compact Inverter 3G3MX2. An attacker may use these vulnerabilities to perform RCE, DoS, or obtain sensitive information. Highest CVSSv3 score of 9.8No patch.More info. IBM&n...

New Alerts for WAGO, IBM, Synology, Microsoft Azure, and Linux. WAGO  Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework. Highest CVSSv3 score of 8.8No patch yet.More info. IBM  Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8More info.Multiple security ...

New Alerts for PTC, QNAP, and Linux. PTC  A remote attacker can perform a DoS attack on KEPServerEX by performing resource exhaustion. CVSSv3 score of 7.5No patch yet.More info. And here. QNAP  An uncontrolled resource consumption vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability al...

New Alerts for Veritas, Fujitsu, Mitsubishi Electric, and Linux. Veritas  A vulnerability was discovered in Veritas NetBackup Snapshot Manager which allowed untrusted clients to interact with the RabbitMQ service. CVSSv3 score of 9.8More info. Fujitsu  Real-time Video Transmission Gear IP series provided by Fujitsu Limited uses hard-coded...

New Alerts for Crestron, Johnson Controls, Emerson, Bosch, B&R Automation, HPE Aruba (Exploit), Tenable, and Linux. Crestron  Aan issue exists in the 3-Series Control Systems where crafting and sending a specific BACnet packet can crash the system.More info. And here. Johnson Controls  Johnson Controls IQ Wifi 6 contains a vulnerabili...

New Alerts for Apple (Exploit), Ivanti (Exploit), Belden, Hitachi Energy, IBM, NetApp, PaperCut, WIBU, and Linux. Apple Exploit Apple has published updates for Safari, iOS, iPadOS, macOS, tvOS, and watchOS. Highest CVSSv3 score of 9.8At least two vulnerabilities have been exploited.More info. And here. Ivanti Exploit An authentication bypass vulner...

New Alert for Microsoft Edge. Microsoft  Microsoft has updated Edge to include all chromium updates, and 3 additional Edge specific vulnerabilities.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of o...

New Alerts for Digi, HP, Mozilla, Google ChromeOS, and Linux. Digi  Digi has patched the NDS and NET+OS product lines to fix an incompletely patched Ripple20 vulnerability. CVSSv3 score of 9.0More info. HP  Certain HP LaserJet Pro print products are potentially vulnerable to an elevation of privilege and/or information disclosure related ...

New Alerts for OpenSSH (Exploit), Adobe (Exploit), Atlassian, Ivanti, and Linux. OpenSSH Exploit The PKCS#11 support ssh-agent could be abused to achieve remote code execution via a forwarded agent socket. Exploitation requires specific libraries on the victim system and the agent forwarded to an attacker-controlled system.More info. Adobe Exploit ...

New Alerts for GeoVision, Weintek, Iagona, Rockwell Automation, Dell, and Google Chrome. GeoVision  GeoVision GV-ADR2701 cameras contain an Improper Authentication vulnerability. A remote attacker can edit the login response to access the web application. CVSSv3 score of 9.8No patch, upgrade the physical camera.More info. Weintek  Weintek...

Quarterly Patches are expected for Oracle this afternoon. New Alerts for Rockwell Automation, IBM, NetApp, Veritas, Citrix (Exploit), and Linux. Rockwell Automation  The Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits opera...

New Alerts for Adobe (Exploit), Secomea, Bitdefender, and Linux.         Tomorrow is Oracle Quarterly Patch day, the pre-release notice is out.  More info. Adobe Exploit Adobe has published a bulletin for ColdFusion that corrects a vulnerability that allows arbitrary code execution. CVSSv3 score of 9.8 Exploit PoC exis...

New Alerts for Honeywell, Microsoft Edge, and Linux. Honeywell  Experion PKS, LX, and PlantCruise contains several vulnerabilities that allow DoS, privilege escalation, or RCE. Highest CVSSv3 score of 9.8More info. Microsoft  Microsoft has published an update for Edge that includes the latest chromium updates and three Edge specific updat...

Monthly Patches are out for Juniper Networks. New Alerts for Cisco, Apple (Exploit). Dell, SonicWall, Setelsa Security, NETGEAR, vm2, Wireshark, and Linux. Cisco  A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a remote attacker to gain read permissions or limited write per...

Monthly Patches are out for Microsoft and Adobe. New Alerts for Fortinet, Technicolor, Rockwell Automation, and Linux. It appears Apple pulled yesterday's RSR patch from the update servers. Microsoft Exploit Microsoft Monthly Patches are out, with 132 patched vulnerabilities, 9 rated Critical and 6 exploited in the wild. Highest CVSSv3 score of 9.8...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple (Exploit), IBM, Mozilla, BD, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens  Siemens Monthly Patches are out, with 5 new bulletins and 12 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info.D...

New Alerts for SICK, Aruba, and Asterisk. Tomorrow is Patch Tuesday. SICK  Several security vulnerabilities have been found in the SICK ICR890-4. If exploited, these could allow a remote attacker to compromise the availability or confidentiality of the SICK ICR890-4. Highest CVSSv3 score of 8.6More info. Aruba  HPE Aruba Networking has re...

New Alerts for PiiGAB, VMware, Atos, IBM, NetApp, and Linux. PiiGAB  M-Bus SoftwarePack 900s contains multiple vulnerabilities that allows a remote attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands. CVSSv3 score of 9.8More info. VMware  VMware SD-WAN contains a bypass authentica...

Monthly Patches are out for Google Android, Pixel, Android Automotive OS, and Samsung. New Alerts for Cisco, Unitronics, Dell, and Linux. Google  Android Monthly Patches are out, with 27 vulnerabilities, 1 rated Critical and 26 rated High, plus Qualcomm, MediaTek, Arm, and Imagination Technologies patches.More info.Pixel Monthly Patches includ...