By michele654 on Tuesday, 09 July 2024
Category: Vulnerabilities

New Vulnerabilities Tuesday 09 July


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Node.js, Django, ifm electronic, and Linux. Monthly Patches are expected this afternoon for Microsoft and Adobe.

Siemens 

Monthly Patches are out, with 38 bulletins: 17 new and 21 updated. Of the new bulletins, the highest CVSSv3 score is 9.6.
More info.

The Mendix Encryption module defines a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow an attacker to decrypt any encrypted project data. CVSSv4 score of 8.7.
More info.

SIMATIC WinCC and SIMATIC PCS 7 do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow a remote attacker to retrieve information such as users and passwords. CVSSv4 score of 8.2.
More info.

Schneider Electric 

Schneider Electric Monthly Patches include 4 new bulletins and 3 updated bulletins. Highest CVSSv3 score of 9.8 for a product discontinued 9 years ago.
More info.

SAP 

SAP Security Patch Day includes 16 new Security Notes and updates to 2 previous Security Notes. Of the new Notes, the highest CVSSv3 score is 7.7.
More info.

Node.js 

Node.js has fixed 5 vulnerabilities: 1 rated High, 1 rated Medium, and 3 rated Low. Highest CVSSv3 score of 7.3.
More info.

Django 

Django has published security releases that fix potential DoS and user enumeration vulnerabilities.
More info.

ifm electronic 

Smart PLC firmware for Smart PLC controllers has hardcoded credentials. The endpoint hosts a script capable of executing various commands. Highest CVSSv3 score of 9.8.
More info.

Linux 

SUSE has updated the kernel. More info.
Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
