New Alerts for Rockwell Automation, Econolite, Microsoft PPTP, Microsoft Edge, IBM, and HCL Software.
Rockwell Automation
Rockwell Automation is aware of multiple products that are affected by vulnerabilities in the GoAhead web server. Exploitation of these vulnerabilities could potentially have a high impact on the confidentiality, integrity and availability of the vulnerable devices. The highest CVSSv3 score is 9.8.
Some products are patched; others are not.
More info. And here.
Econolite EOS contains Improper Access Control and Use of Weak Hash vulnerabilities. Successful exploitation of these vulnerabilities could result in a remote attacker gaining full control over traffic control functions performed by Econolite hardware. The highest CVSSv3 score is 9.8.
No response from Econolite.
More info.
Microsoft has published a security advisory for Windows PPTP. A remote attacker could send a specially crafted connection request to a RAS server, which could lead to RCE on the RAS server machine. The CVSSv3 score is 8.1.
More info.
Microsoft has updated Edge with the latest Chromium vulnerability fixes.
More info.
There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. The highest CVSSv3 score is 10.
More info.
HCL BigFix WebUI is affected by security vulnerabilities in BigFix WebUI source code and open source components. The highest CVSSv3 score is 9.8.
More info.