
CND News and Blog

New Vulnerabilities Tuesday 13 February


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Zoom, PowerDNS, Dell, and HIMA. Monthly Patches for Microsoft and Adobe are expected this afternoon, along with Node.js patches.

Siemens 

Siemens Monthly Patches include 15 new bulletins and 8 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 9.8
More info.

SINEC NMS is affected by multiple vulnerabilities. CVSSv3 score of 9.8
More info.

SCALANCE XCM-/XRM-300 before V2.4 is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

SCALANCE W1750D devices contain multiple vulnerabilities that could allow a remote attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, DoS, or RCE. Highest CVSSv3 score of 9.8
More info.

Location Intelligence is affected by a Use of Hard-coded Credentials vulnerability that could allow a remote attacker to obtain full administrative access to the application. CVSSv3 score of 9.8
More info.

Polarion ALM is affected by incorrect default path permissions and improper authentication in the REST API endpoints of DOORS connector. A remote attacker could exploit the vulnerabilities for unauthenticated access. Highest CVSSv3 score of 7.8
More info.

SIMATIC CP 343-1 products incorrectly validate TCP sequence numbers. This could allow a remote attacker to create a DoS by injecting spoofed TCP RST packets. CVSSv3 score of 7.5
More info.

SIDIS Prime is affected by multiple vulnerabilities in the components OPC UA and OpenSSL that could allow a remote attacker to reuse OPC UA client credentials, create a DoS of the SIDIS Prime OPC UA client, or create a DoS of the SIDIS Prime TLS service. CVSSv3 score of 7.5
More info.

Siemens has released a new version for RUGGEDCOM APE1808 to update Nozomi Guardian. CVSSv3 score of 5.3
More info.

Schneider Electric 

Schneider Electric has published Monthly Patches with three new bulletins and one updated bulletin. Highest CVSSv3 score of 8.1
More info.

Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 PLCs. Highest CVSSv3 score of 8.1
More info.

SAP 

SAP Patch Day includes 13 new Security Notes and 3 updates to previous Security Notes. Of the new Notes, the highest CVSSv3 score is 9.1. One of the updated Notes is rated CVSSv3 score of 10.
More info.

Zoom 

Zoom has published 7 new bulletins identifying vulnerabilities in Desktop Client for Windows, VDI Client for Windows, Meeting SDK for Windows, and Clients. Highest CVSSv3 score of 9.6
More info.

PowerDNS 

An attacker can publish a zone that contains crafted DNSSEC-related records that can cause the Recursor's resource usage to become high, resulting in a DoS. CVSSv3 score of 7.5
More info.

Dell 

Dell Power Protect Data Manager has been updated to fix security vulnerabilities in third-party software. Dell rates this Critical.
More info.

HIMA 

Several products are vulnerable to a remote attacker using an uncontrolled resource consumption vulnerability to cause a DoS. Highest CVSSv3 score of 7.5
More info.



Thursday, 02 May 2024