Skip to main content

CND News and Blog

New Vulnerabilities Thursday 19 September


New Alerts for GE Vernova, IDEC, MegaSys, CoreDNS, SICK, Grafana, and Linux.

GE Vernova 

ControlST – Control Server has been updated to fix several VMware vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IDEC 

WindLDR and Operator Interfaces' Touchscreen Programming Software WindO/I-NV4 contain a Cleartext Storage of Sensitive Information vulnerability. A remote attacker who obtains a project file could obtain user authentication information for the PLC or Operator Interface. CVSSv3 score of 5.9
More info. And here.

PLCs contain Cleartext Transmission of Sensitive Information and Generation of Predictable Identifiers vulnerabilities. Highest CVSSv3 score of 5.3
More info. And here.

MegaSys 

Telenium Online Web Applicationcontains an Improper Input Validation vulnerability that could allow a remote attacker to inject arbitrary Perl code through a crafted HTTP request, leading to RCE. CVSSv4 score of 9.3.
More info.

CoreDNS 

There is a vulnerability in DNS which triggers a resolver to ignore valid responses, thus causing DoS. A remote attacker could forge a response targeting the source port of a vulnerable resolver. CVSSv3 score of 8.2
More info.

SICK 

SICK MSC800 contains a vulnerability that allows a remote attacker to modify the IP address of the product through the SopasET interface, potentially leading to DoS. CVSSv3 score of 7.5
More info.

Grafana 

The grafana plugin SDK bundles build metadata into the binaries it compiles and includes the repository URI. If credentials are included in the repository URI the final binary will contain the full URI, including said credentials. CVSSv4 score of 9.1
More info.

Linux 

SUSE has updated the kernel and microcode. More info.
OpenSUSE has updated the microcode. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel, systemd, and microcode. More info.
Amazon Linux 2023 has updated the kernel and microcode. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 04 October 2024

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/