
CND News and Blog

New Vulnerabilities Tuesday 14 January


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alert for Linux.

Monthly Patches are expected this afternoon for Adobe and Microsoft.

Siemens 

Monthly Patches are out with 22 bulletins, 5 new and 17 updated. Among the new bulletins, the highest CVSSv4 score is 9.1.
More info.

The Mendix LDAP module is affected by an LDAP injection vulnerability that could allow an unauthenticated remote attacker to bypass username verification. CVSSv4 score of 9.1.
More info.

Schneider Electric 

Monthly Patches are out with 10 bulletins, 9 new and 1 updated. Among the new bulletins, the highest CVSSv4 score is 8.8.
More info.

Schneider Electric has patched a vulnerability in its Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC products that could allow a remote attacker to conduct a buffer overflow attack, which could result in DoS. CVSSv4 score of 8.7.
More info.

A vulnerability within the VxWorks Operating System from Wind River affects BMENOC0321, BMECRA and 140CRA products, allowing a remote attacker to perform a stack overflow attack, resulting in loss of confidentiality, integrity and DoS of the device. CVSSv3 score of 9.8.
Note that the vulnerability is from 2021.
More info.

A vulnerability in the Web Server on Modicon M340 and BMXNOE0100/0110, BMXNOR0200H communication module products allows a remote attacker to achieve information disclosure on web pages, modification of web pages and DoS. CVSSv4 score of 8.8.
More info.

SAP 

SAP Monthly Patches include 14 new Security Notes. The highest CVSSv3 score is 9.9.
More info.

Linux 

Amazon Linux, Amazon Linux 2, and Amazon Linux 2023 have updated the kernel. More info. And here. And here.
AlmaLinux has updated the kernel. More info.


