CND News and Blog

New Vulnerabilities Tuesday 09 August


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for AUMA, Exim, SICK, NetApp, and Linux.

Microsoft and Adobe Monthly Patches are expected out this afternoon.


Siemens 

Siemens Monthly Patches are out, with 4 new bulletins and 38 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.1
More info.

SCALANCE devices contain multiple vulnerabilities in MSPS-based product lines that could allow remote attackers to cause a DoS. Highest CVSSv3 score of 9.1
More info.

Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and DoS. Highest CVSSv3 score of 7.6
More info.

Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system's host, user, and display name. CVSSv3 score of 5.3
More info.

A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices' protocol firmwares that could allow unauthenticated access to the web interface of the affected web server module. This module is off by default. CVSSv3 score of 4.3
More info.

Schneider Electric 

Schneider Electric Monthly Patches are published, with 4 new bulletins and 7 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8
More info.

Schneider Electric is aware of a Weak Password Recovery Mechanism for Forgotten Password vulnerability in its EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M580 and M340 control products. A remote attacker could achieve unauthorized access in read and write mode to the controller when communicating over Modbus. CVSSv3 score of 9.8
More info.

DoS and Information Exposure vulnerabilities exist in Modicon PAC Controllers when using Modbus TCP. CVSSv3 score of 7.5
More info. And here.

SAP 

SAP has released 5 new Security Notes and 2 updated Notes in their Monthly Patch Day. Highest CVSSv3 score in the new Notes is 8.2, but one of the updated Notes has a score of 10.
More info.

AUMA 

The SIMA2 Master Station includes an outdated version of ntpd which is affected by a large number of vulnerabilities, dating back to 2016. Highest CVSSv3 score of 9.8
More info.

Exim 

Multiple vulnerabilities have been discovered in Exim, the most severe of which could allow for RCE. Successful exploitation of the most severe of these vulnerabilities will enable the attacker to perform command execution as root in the context of the mail server.
More info.

SICK 

SICK SIM products include OpenSSL which has a DoS vulnerability from March. CVSSv3 score of 7.5. Updates are planned, but not available.
More info.

NetApp 

StorageGRID is susceptible to a vulnerability in the Linux kernel that could allow a remote attacker to view limited metrics information and modify alert email recipients and content. CVSSv3 score of 7.3
More info.

Linux 

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Alpine Linux has put out a new release. More info.



Sunday, 25 September 2022