Monthly Patches are out for Siemens, SAP, and Schneider Electric. New Alerts for Google Chrome, Phoenix Contact, and IBM. Monthly Patches for Microsoft and Adobe are expected this afternoon.
Google has published an update for Chrome for Desktop with fixes for 11 security vulnerabilities.
More info.
mGuard Device Manager uses the Apache webserver. A vulnerability was found that allows HTTP Request Smuggling. Attackers with network access to the Apache web server can download and read mGuard configuration profiles, which may contain sensitive information. CVSSv3 score of 9.8
More info. And here.
Phoenix Contact FL MGUARD, TC MGUARD devices, mGuard Device Manager and FL WLAN devices use a vulnerable version of OpenSSL. By sending a crafted certificate, attackers may trigger an infinite loop in the receiving service, causing a DoS. CVSSv3 score of 7.5
More info. And here.
AXC F x152 Firmware contains multiple Linux component vulnerabilities. Availability, integrity, or confidentiality might be compromised by attacks using these vulnerabilities. Highest CVSSv3 score of 9.8
More info. And here.
Monthly Patches are out for Siemens products, with 11 new bulletins and 33 updated bulletins. Highest CVSSv3 score of 10.
More info.
SIMATIC Energy Manager is affected by multiple vulnerabilities that could allow an attacker to gain local privilege escalation, local code execution or remote code execution. CVSSv3 score of 10
More info.
Several SCALANCE X-300 switches contain multiple vulnerabilities. A remote attacker could reboot, cause a DoS and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Highest CVSSv3 score of 9.6
More info.
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. CVSSv3 score of 5.3
More info.
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to cause a DoS. A restart is needed to restore normal operations. CVSSv3 score of 7.5
More info.
A vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to cause a DoS. CVSSv3 score of 7.5
More info.
SICAM A8000 CP-8050 and CP-8031 devices contain vulnerabilities that could allow an attacker to access files without authentication. CVSSv3 score of 5.3
More info.
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. CVSSv3 score of 5.3
More info.
SAP Security Patch Day includes the release of 22 new Security Notes and 9 updates to previously released Patch Day Security Notes. Of the new notes, 2 are rated Hot News (both are Spring RCEs), 4 are rated High, 15 Medium, and 1 rated Low.
More info.
Schneider Electric Monthly Patches include 2 new bulletins and 5 updated bulletins.
More info.
A Buffer Copy without Checking Size of Input vulnerability exists in the Data Server module for the IGSS product. A remote attacker could send a specially crafted message, allowing remote code execution. CVSSv3 score of 9.8
More info.
Modicon M340 Controller and Communication Modules contain an Improper Privilege Management vulnerability that could cause a DoS of the Ethernet communication of the controller. CVSSv3 score of 7.5
More info.
Several IBM products are affected by the Spring vulnerabilities, including Sterling B2B Integrator, Maximo For Civil infrastructure, and Data Risk Manager.
More info. And here. And here.
IBM Process Mining is vulnerable to Prototype Pollution due to json-schema. CVSSv3 score of 9.8
More info.
Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI and Performance Management products. Highest CVSSv3 score of 9.8
More info. And here.
IBM App Connect Enterprise Certified Container Integration Servers that use the Box connector may be vulnerable to arbitrary code execution. CVSSv3 score of 9.8
More info.
Multiple Vulnerabilities affect Db2 On Openshift and Db2 and Db2 Warehouse on Cloud Pak for Data. Highest CVSSv3 score of 9.8
More info.
Security Wizardry Cyber Threat Intelligence - The Radar Page
Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page