Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Palo Alto Networks, BD, Google ChromeOS, and Linux. Microsoft and Adobe Monthly Patches are expected this afternoon.
Siemens
Siemens has published their Monthly Patches, with 6 new bulletins and 11 updated bulletins. Of the new bulletins, highest CVSSv3 score of 10.
More info.
SIMATIC CN 4100 is vulnerable to authorization bypass through user-controlled key, use of default credentials and unauthenticated IP address change that could allow a remote attacker to login as root or cause a DoS. Highest CVSSv3 score of 9.8
More info.
MaxView Storage Manager shipped with affected SIMATIC IPCs contains a Redfish Server Vulnerability that could provide unauthorized access. CVSSv3 score of 10.
More info.
Schneider Electric Monthly Patches include 1 new and 6 updated bulletins. The new bulletin has a CVSSv3 score of 7.8
More info.
SAP Monthly Patches include 10 new Security Notes and 2 updated Notes. Of the new Notes, 2 are rated Hot News, 4 are rated High, 3 are rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.1
More info.
PAN-OS is vulnerable to the Terrapin MitM attack on SSH, if using the vulnerable algorithms. Highest CVSSv3 score of 6.8 for Terrapin.
More info.
BD has published security patches for Kiestra TLA/WCA and Kiestra ReadA.
More info.
Google has updated ChromeOS and ChromeOS Flex with several security fixes.
More info.
Amazon Linux 1 has updated the kernel. More info.
Comments