CND News and Blog

New Vulnerabilities Tuesday 11 October


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple iOS, Phoenix Contact, and Linux.

Microsoft and Adobe Monthly Patches are expected this afternoon, and Palo Alto patches are expected tomorrow.

Schneider Electric

Monthly Patches have been published, with 4 new bulletins and 8 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 7.3.
More info.

An Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link.
More info.

Siemens

Monthly Patches are out, with 16 new bulletins and 11 updated bulletins. Not all are patched. Highest CVSSv3 score of 9.8.
More info.

LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state, or retrieve parts of the memory. CVSSv3 score of 9.8. No patches yet.
More info.

Session fixation and incorrect parameter parsing vulnerabilities were identified in the web server of SICAM P850 and SICAM P855 devices. CVSSv3 score of 9.8.
More info.

Several SIMATIC HMI Panels are affected by a vulnerability that could allow a remote attacker to cause a permanent DoS by sending specially crafted TCP packets. CVSSv3 score of 7.5.
More info.

Desigo CC and Cerberus DMS implement client-side-only authentication for specific parts of their client-server communication. Unauthenticated remote attackers could impersonate other users or exploit the client-server protocol. CVSSv3 score of 9.8.
More info.

Several RuggedCom and Scalance products contain a DoS vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. CVSSv3 score of 8.6.
More info.

The FTP server of Nucleus NET in the Nucleus Real-Time Operating System does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to cause a DoS on devices that incorporate a vulnerable version of the FTP server. CVSSv3 score of 7.5.
More info. And here.

SAP

SAP Security Patch Day saw the release of 15 new and 2 updated Security Notes. Of the new Notes, 2 are rated Hot News, 5 are rated High, and 8 are rated Medium. Highest CVSSv3 score of 9.9.
More info.

Apple

Apple has published an update for iOS 16 that fixes a DoS-by-email vulnerability.
More info.

Phoenix Contact

Updates are out for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components, along with security enhancements. Highest CVSSv3 score of 9.8.
More info. And here.

Linux

Red Hat has updated the kernel, kpatch, and others. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.