By michele654 on Tuesday, 10 September 2024
Category: Vulnerabilities

New Vulnerabilities Tuesday 10 September


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Endress+Hauser, Phoenix Contact, BD, HPE, LANCOM, IBM, and Linux. 

Monthly Patches for Microsoft and Adobe are expected later today.

Siemens 

Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated. Of the new bulletins, 10 address vulnerabilities that are remotely exploitable without authentication with a highest CVSSv4 score of 10.
More info.

Industrial Edge Management contains an Authorization Bypass vulnerability that could allow a remote attacker to impersonate other devices onboarded to the system. CVSSv4 score of 10.
More info.

Schneider Electric 

Schneider Electric Monthly Patches include 5 bulletins, 2 new and 3 updated. Of the new bulletins, the highest CVSSv3 score is 7.8.
More info.

SAP 

SAP has published its Monthly Patches, with 19 Security Notes, 16 new and 3 updated. Of the new Notes, the highest CVSSv3 score is 6.5.
More info.

Endress+Hauser 

Echo Curve Viewer contains a vulnerability that allows a remote attacker to run malicious C# code included in curve files and execute commands in the user's context. CVSSv3 score of 9.8.
More info.

Phoenix Contact 

Multiple mGuard devices are vulnerable to a drain of open file descriptors. CVSSv3 score of 5.3.
More info. And here.

Multiple mGuard devices are vulnerable to a remote code injection due to SSH. CVSSv3 score of 8.1.
More info. And here.

HPE 

HPE has identified DoS vulnerabilities in HP-UX System's NFSv4 and RPC. Highest CVSSv3 score of 9.3.
More info. And here.

BD 

BD has published updates to fix third-party software in Kiestra TLA/WCA, Kiestra TLA Track, Kiestra ReadA, and Kiestra InoqulA.
More info.

LANCOM 

LCOS contains a vulnerability that could allow a remote attacker to trigger a Heap Overflow in the web interface, resulting in a DoS.
More info. And here.

IBM 

go-git vulnerabilities have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. Highest CVSSv3 score of 9.8.
More info.

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8.
More info.

Linux 

Amazon Linux 2 and Amazon Linux 2023 have updated the kernel and microcode. More info. And here.
