
CND News and Blog

New Vulnerabilities Tuesday 13 August


Monthly Patches are out for SAP, Schneider Electric, and Siemens. New Alerts for Ivanti (PoC), Rockwell Automation, Phoenix Contact, PEPPERL+FUCHS, AVEVA, Splunk, and Linux. Monthly Patches for Microsoft and Adobe are due later this afternoon; Palo Alto Networks and Juniper Networks should follow tomorrow.

SAP 

SAP Security Patch Day saw the release of 17 new Security Notes (2 rated Hot News, 3 rated High, and 12 rated Medium) and 8 updates to previously released Security Notes. Of the new notes, highest CVSSv3 score of 9.8
More info.

Schneider Electric 

Schneider Electric Monthly Patches include 2 new bulletins and 14 updated bulletins. Of the new bulletins, highest CVSSv3 score of 7.5
More info.

A buffer overflow vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. CVSSv3 score of 7.5
More info.

Siemens 

Siemens Monthly Patches include 9 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv4 score of 9.4
More info.

SINEC NMS and Location Intelligence are affected by multiple vulnerabilities in third-party software. Highest CVSSv4 score of 9.4
More info. And here.

INTRALOG WMS is affected by vulnerabilities in the SQL Client-Server communication and in the .NET framework. Successful exploitation could allow a remote attacker to decrypt and modify client-server communication, or potentially execute arbitrary code on the application servers. Highest CVSSv4 score of 8.8
More info.

SINEC Traffic Analyzer is affected by multiple vulnerabilities. Highest CVSSv4 score of 8.7
More info.

Ivanti 

Ivanti has published 3 new bulletins identifying vulnerabilities in Avalanche, Neurons for ITSM, and vTM. Highest CVSSv3 score of 9.8
More info.

Ivanti Virtual Traffic Manager (vTM) has addressed a critical vulnerability that allows a remote attacker to achieve authentication bypass and creation of an administrator user. CVSSv3 score of 9.8
PoC publicly available.
More info.

Ivanti has released updates for Ivanti Neurons for ITSM which address a critical severity vulnerability and a high severity vulnerability. Highest CVSSv3 score of 9.6
More info.

Rockwell Automation 

Rockwell Automation has published 8 new bulletins for Pavilion8, GuardLogix/ControlLogix 5580/5380, AADvance Standalone OPC-DA Server, FactoryTalk View Site, DataMosaix, and Emulate3D. Highest CVSSv4 score of 8.7
More info.

Phoenix Contact 

CHARX SEC products contain 2 vulnerabilities that could allow a remote attacker to reset a password or change the device configuration. Highest CVSSv3 score of 8.6
More info. and here.

PEPPERL+FUCHS 

Device Master ICDM-RX/* contains a vulnerability that allows a remote attacker to interact with a user via a dialog box. Highest CVSSv3 score of 7.1
More info.

AVEVA 

AVEVA has published 3 new bulletins that update SuiteLink Server, Reports for Operations 2023, and Historian Server. Highest CVSSv4 score of 8.7
More info.

SuiteLink Server contains a vulnerability that could allow a remote attacker to consume excessive system resources and slow down processing of Data I/O for the duration of the attack. CVSSv4 score of 8.7
More info.

Historian Server contains a vulnerability that could allow a remote attacker to cause a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered into opening a specially crafted URL. CVSSv4 score of 8.5
More info.

Splunk 

Splunk has updated Python for Scientific Computing to fix several vulnerabilities, the highest rated Critical.
More info.

Linux
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


