Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy and F5. Monthly Patches for Microsoft and Adobe are expected this afternoon, Palo Alto Networks should be tomorrow.
Siemens
Monthly Patches are out, with 19 new bulleitns and 15 updated bulletins. Of the new bulletins, 2 had a CVSSv3 score of 10.
More info.
SIMATIC eaSie PCS 7 Skill Package contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Highest CVSSv3 score of 10
More info.
Multiple vulnerabilities exist in the SRCS VPN Feature in SIMATIC CP devices that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. CVSSv3 score of 10.
More info.
A vulnerability was identified in the CPC80 firmware of SICAM A8000 devices that could allow a remote attacker to cause a permanent DoS. CVSSv3 score of 7.5
More info.
SIMATIC MV500 devices are affected by multiple vulnerabilities that could allow attackers to hijack other users' web based management sessions or access data on the device without prior authentication. Highest CVSSv3 score of 8
More info.
SCALANCE X switches contain multiple vulnerabilities. A remote attacker could reboot, cause a DoS, and impact the system by other means through heap and buffer overflow vulnerabilities. Highest CVSSv3 score of 9.6
More info.
SINAMICS PERFECT HARMONY GH180 Drives are affected by a DHCP client vulnerability in the integrated SCALANCE X206-1 device. The vulnerability could allow a remote attacker to cause a heap-based buffer overflow on that device and use it to get access to the drive's internal network. CVSSv3 score of 9.8
More info.
EN100 Ethernet module is affected by a memory corruption vulnerability. CVSSv3 score of 8.6
More info.
Monthly Patches include 4 new bulletins and 6 updated bulletins. Only one bulletin addresses remotely exploitable vulnerabilities.
More info.
Multiple vulnerabilities exist in BMENUA0100 - OPC UA module and BMENOR2200H X80 advanced RTU communication module for M580. Highest CVSSv3 score of 7.5
More info.
Multiple vulnerabilities exist in MSM. Highest CVSSv3 score of 9.8
More info. And here.
SAP Security Patch Day saw the release of 20 new Security Notes and 3 updated Security Notes. Four of the new Notes are rated High. Highest CVSSv3 score of 8.3
More info.
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by PCoIP Zero Clients. The issue could be exploited by a MITM. CVSSv3 score of 7.5
More info.
Comments