New Alerts for GE Vernova, IDEC, MegaSys, CoreDNS, SICK, Grafana, and Linux.
GE Vernova
ControlST – Control Server has been updated to fix several VMware vulnerabilities. Highest CVSSv3 score of 9.8
More info.
WindLDR and Operator Interfaces' Touchscreen Programming Software WindO/I-NV4 contain a Cleartext Storage of Sensitive Information vulnerability. A remote attacker who obtains a project file could obtain user authentication information for the PLC or Operator Interface. CVSSv3 score of 5.9
More info. And here.
PLCs contain Cleartext Transmission of Sensitive Information and Generation of Predictable Identifiers vulnerabilities. Highest CVSSv3 score of 5.3
More info. And here.
Telenium Online Web Applicationcontains an Improper Input Validation vulnerability that could allow a remote attacker to inject arbitrary Perl code through a crafted HTTP request, leading to RCE. CVSSv4 score of 9.3.
More info.
There is a vulnerability in DNS which triggers a resolver to ignore valid responses, thus causing DoS. A remote attacker could forge a response targeting the source port of a vulnerable resolver. CVSSv3 score of 8.2
More info.
SICK MSC800 contains a vulnerability that allows a remote attacker to modify the IP address of the product through the SopasET interface, potentially leading to DoS. CVSSv3 score of 7.5
More info.
The grafana plugin SDK bundles build metadata into the binaries it compiles and includes the repository URI. If credentials are included in the repository URI the final binary will contain the full URI, including said credentials. CVSSv4 score of 9.1
More info.
SUSE has updated the kernel and microcode. More info.
OpenSUSE has updated the microcode. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel, systemd, and microcode. More info.
Amazon Linux 2023 has updated the kernel and microcode. More info.
Comments