Monthly Patches are out for Siemens, Schneider Electric, SAP, and Google Pixel. New Alerts for Apple (Exploit), TRENDnet, and Linux.
This afternoon Microsoft and Adobe Monthly Patches should be out. Tomorrow there might be Palo Alto Networks patches.
Siemens
Siemens Monthly Patches are out with 13 new bulletins and 32 updated bulletins. Highest CVSSv3 score of 9.8.
Multiple DoS vulnerabilities exist in the web server of SIMATIC and SIPLUS products. CVSSv3 score of 7.5.
Multiple vulnerabilities in third-party components could allow an attacker to impact the SCALANCE XCM332 device's confidentiality, integrity and availability. Highest CVSSv3 score of 9.8.
SIPROTEC 5 devices contain a null pointer dereference vulnerability in the web service. This could allow a remote attacker to send a maliciously crafted HTTP request that could cause a DoS. CVSSv3 score of 7.5.
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that addresses Bad Alloc vulnerabilities in the underlying operating system. CVSSv3 score of 9.8.
The Mendix Forgot Password module contains an observable response discrepancy issue that could allow a remote attacker to retrieve sensitive information. CVSSv3 score of 5.3.
Polarion ALM is vulnerable to an XML External Entity (XXE) injection attack that could allow a remote attacker to potentially disclose confidential data. CVSSv3 score of 5.3.
In its Monthly Patches, Schneider Electric has published 6 new bulletins and 4 updated bulletins. Highest CVSSv3 score of 9.8.
Easy UPS Online Monitoring Software contains missing authentication and case sensitivity vulnerabilities. Highest CVSSv3 score of 9.8.
SAP Monthly Patches include 19 new Security Notes and 5 updated Notes. Of the new Notes, 2 are rated Hot News, 1 is rated High, 13 are rated Medium, and 3 are rated Low. Highest CVSSv3 score of 10.
Pixel Monthly Patches are out with 15 patched vulnerabilities plus Android and Qualcomm patches. 9 of the patches are rated Critical.
Apple has again published updates for macOS, iOS and iPadOS, again with active exploits.
TRENDnet has reported buffer overflow vulnerabilities in the TEW-755AP, TEW-821DAP, and TEW-825DAP wireless access points that could allow a remote attacker to take over the device and gain access to its operating system.
SUSE has updated the kernel.
Oracle Linux has updated the kernel.