CND News and Blog

New Vulnerabilities Tuesday 10 January


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM, BD, and Linux. 

UPDATED TO ADD: Monthly Patches for Microsoft and Adobe are out now.

Palo Alto Networks Monthly Patches are expected tomorrow.

Microsoft 

Microsoft Monthly Patches include 98 vulnerabilities: 11 rated Critical (7 of which allow RCE), 1 publicly disclosed, and 1 exploited. Highest CVSSv3 score of 8.8.
More info. And here.

Adobe 

Adobe Monthly Patches are out, with updates for Acrobat and Reader, InDesign, InCopy, and Dimension. All vulnerabilities require local access. Highest CVSSv3 score of 7.8.
More info.

Siemens 

Siemens Monthly Patches include 6 new bulletins and 16 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.9.
More info.

A new version of SINEC INS fixes multiple vulnerabilities that could allow an attacker to read and write arbitrary files on the file system of the affected component and ultimately to execute arbitrary code on the device. Highest CVSSv3 score of 9.9.
More info.

The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. CVSSv3 score of 9.3.
More info.

An Automation License Manager update fixes multiple vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses, and overwrite arbitrary files on the target system, potentially leading to privilege escalation and remote code execution. Highest CVSSv3 score of 8.2.
More info.

Schneider Electric 

Schneider Electric Monthly Patches are out, with 6 new bulletins and 3 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.1.
More info.

A vulnerability in EcoStruxure Machine Expert - HVAC could cause sensitive information leakage when accessing a malicious web page from the commissioning software. CVSSv3 score of 4.3.
More info.

Multiple vulnerabilities in EcoStruxure Geo SCADA Expert could allow a remote attacker to cause a DoS or information disclosure. Highest CVSSv3 score of 9.1.
More info.

A vulnerability in EcoStruxure Power Operation and Power SCADA Operation software could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5.
More info.

Multiple vulnerabilities in EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon PLCs and PACs could allow a remote attacker to cause arbitrary code execution or DoS when a malicious project file is loaded onto the controller. CVSSv3 score of 7.5.
More info.

Multiple vulnerabilities in EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340, M580, and M580 CPU Safety could allow an authentication bypass by hijacking an authenticated Modbus session. CVSSv3 score of 8.1.
More info.

SAP 

SAP Security Patch Day saw the release of 9 new Security Notes, plus updates to 3 previously released Security Notes. Of the new Notes, 4 are rated Hot News and 5 are rated Medium. Highest CVSSv3 score of 9.9.
More info.

IBM 

Multiple vulnerabilities have been patched in IBM Answer Retrieval for Watson Discovery. Highest CVSSv3 score of 10.
More info.

BD 

BD has published Microsoft and third-party software updates for FACSCanto II System, FACSMelody, and FACSCelesta.
More info.

Linux 

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Alpine Linux has released 3.17.1. More info.


