CND News and Blog

New Alerts for Rockwell Automation, IBM, NETGEAR, Mozilla Thunderbird, and Linux. Rockwell Automation  Modbus TCP Server Add-On Instructions (AOI) for ControlLogix and CompactLogix controllers contains a vulnerability that would allow a remote attacker to gain information when the Modbus TCP Server AOI accepts a malformed request. CVSSv3 score...

Monthly Patches are out for Microsoft and Adobe. New Alerts for AVEVA, Moxa, Aruba, and Mozilla.   Palo Alto Networks patches are expected this afternoon. Microsoft - Exploit Microsoft Monthly Patches include 76 vulnerabiltiies, 9 rated Critical and 2 are being Exploited. Highest CVSSv3 score of 9.8More info. And here.There is a RCE affecting ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge, Phoenix Contact, and Omron.     Monthly Patches for Microsoft and Adobe should be out this afternoon.    Palo Alto Networks Monthly Patches are due tomorrow.  Siemens  Siemens Monthly Patches are out, with 7 new bulletins a...

Updates for Dell and Linux. Tomorrow is Patch Tuesday. Dell  Dell VxRail remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.More info. Linux  Red Hat has updated kpatch. More info.Mageia has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar ...

New Alerts for Akuvox (Exploit), GE Grid Solutions, Lexmark, NetApp, and WithSecure. Akuvox - Exploit Akuvox E11, a smart intercom, contains several vulnerabilities that could cause loss of sensitive information, unauthorized access, and grant full administrative control to an attacker. Highest CVSSv3 score of 9.8More info. And here. GE Grid Soluti...

New Alerts for Cisco and Linux.  Cisco  Cisco has published 2 new bulletins, Highest CVSSv3 score of 8.6More info.A vulnerability in the BFD hardware offload feature of Cisco IOS XR Software could allow a remote attacker to cause a line card to reset, resulting in a DoS. CVSSv3 score of 8.6More info. Linux  CentOS has updated the ker...

Monthly Patches are out for Fortinet. New Alerts for Google Chrome, Moxa, CODESYS, ABB, Apache, Veeam, Ivanti, and Linux. Google  Google has published a security update for Chrome for desktop that fixes 40 security vulnerabilities.More info.Microsoft is aware. More info. Fortinet  Fortinet Monthy Patches include 15 bulletins, 1 rated Crit...

Monthly Patches for Google Android and Samsung are out. New Alerts for IBM and Linux. Google  Android Monthly Patches include 31 vulnerabilities, 2 rated Critical and the rest High, along with MediaTek, Unisoc, and Qualcomm patches. The most severe vulnerabilities could lead to RCE.More info.There is currently no Pixel bulletin, maybe later to...

Monthly Patches are out for Qualcomm and MediaTek. New Alert for Linux. Tomorrow is mobile patch day, including Android and Samsung. Qualcomm  Qualcomm Monthly Patches include 20 vulnerabilities, 4 rated Critical, 15 rated High, and 1 rated Medium. There are 4 additional vulnerabilities in open source software. Highest CVSSv3 score of 9.8More ...

New Alerts for Bosch, Xerox, Western Digital, Wireshark, Nessus, and Linux. Bosch  Bosch Rexroth rebrands Phoenix Contact equipment and has published a bulletin regarding a vulnerability in routers FL MGUARD and TC MGUARD, fixed by Phoenix Contact in November. CVSSv3 score of 7.5More info. Xerox  Xerox has updatecd third-party software in...

New Alerts for Cisco, Sophos, Mitsubishi Electric, BD, IBM, NetApp, StrongSwan, and Linux. Cisco  Cisco has published 5 new bulletins, 1 rated Critical and 4 rated Medium. Highest CVSSv3 score of 9.8More info.Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacke...

New Alerts for Aruba, Riello UPS, and Mozilla. Aruba  Aruba has released patches for ArubaOS that address multiple security vulnerabilities. Highest CVSSv3 score of 9.8More info. HPE's bulletin here. Riello UPS Three vulnerabilities have been identified in NetMan 204, no patches are available yet. Highest CVSSv3 score of 10More info. Mozilla&n...

New Alerts for WAGO, ABB, IBM, ASUS, HCL Software, and Linux. WAGO  The Web-Based Management of WAGOs programmable logic controller is typically used for administration, commissioning and updates. A remote attacker can write data with root privileges or perform reflected XSS attacks. Highest CVSSv3 score of 9.8More info. ABB  Hitachi's IE...

New Alerts for PTC, GE Grid, and Microsoft Edge. PTC  ThingWorx Edge contains several vulnerabilities, including Improper Validation of Array Index, and Integer Overflow or Wraparound. Highest CVSSv3 score of 9.8More info. GE  GE Grid Solutions has published updates for the UR Software line that fixes several vulnerabilities in third-part...

New Alerts for NetApp and Linux. NetApp  NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8Six have patches.More info. Linux  SUSE has updated the kernel. More info.Ubuntu has updated the kernel. More info. Security Wizardry Cyber Threat Intelli...

New Alerts for Google Chrome, Cisco, BD, Synology, and Linux. Google  Chrome for Desktop has been updated to include 10 security fixes, at least one rated Critical.More info. Cisco  Cisco has published 7 new bulletins and 1 updated bulletin. Of the new bulletins, 2 are rated High, 4 Medium, and 1 is Informational.More info.A vulnerability...

New Alerts for IBM, SICK, HPE, Zyxel, and Tenable. IBM  IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. Highest CVSSv3 score of 9.8More info.NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilit...

New Alerts for Apache Tomcat and Mitsubishi Electric. Apache  Apache Tomcat uses Apache Commons FileUpload, which does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.More info. Mitsubishi Electric  MELSOFT iQ AppPortal uses Vis...

New Alerts for Cisco, MISP, and BD. Cisco  Cisco is updating their products for the recent ClamAV vulnerability. CVSSv3 score of 9.8More info. MISP  MISP had two Critical SQL injection vulnerabilities. They obfuscated the fix to the customers, (read the notice), so this was back in November/December. They have just published the notice.Mo...

Monthly Patches are out for Fortinet. New Alerts for Netgate, Sub-IoT, Commscope RUCKUS, WAGO, NetApp, and Linux. Netgate  pfSense login protection managed by sshguard, such as preventing brute force attempts, may not be enforced depending on the content of the request headers in GUI authentication attempts, which may allow an attacker to cont...