
CND News and Blog

New Vulnerabilities Tuesday 14 June


Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Mitsubishi Electric and Linux. Monthly Patches for Microsoft and Adobe are expected out this afternoon, and Monthly Patches for Palo Alto Networks are out tomorrow.

SAP 

SAP Security Patch Day includes 10 new Security Notes and 2 updated Security Notes. Of the new notes, the highest CVSSv3 score is 8.6.
More info.

Siemens 

Siemens has published its Monthly Patches, with 14 new bulletins and 30 updated bulletins. Among the new bulletins, the highest CVSSv3 score is 10.
More info.

Multiple vulnerabilities were identified in the webserver of the SICAM GridEdge application, including missing authentication for critical API functions, absent cross-origin resource sharing restrictions and access to credentials. CVSSv3 score of 10.
More info.

SINEMA Remote Connect Server is affected by multiple vulnerabilities, including XSS, authentication bypass, privilege escalation, integrity check, command injection, information disclosure, and chosen-plaintext attack against HTTP over TLS. Highest CVSSv3 score of 9.8.
More info.

Multiple vulnerabilities in third-party components could allow an attacker to impact the confidentiality, integrity and availability of SCALANCE LPE9403. CVSSv3 score of 9.8.
More info.

The EN100 Ethernet module is affected by a memory corruption vulnerability. CVSSv3 score of 8.6.
More info.

Multiple vulnerabilities were identified in the Apache HTTP Server software, which is included in several Siemens products. CVSSv3 score of 9.8.
More info.

Schneider Electric 

Schneider Electric Monthly Patches are out, with 8 new bulletins and 4 updated bulletins.
More info.

Multiple vulnerabilities exist in Schneider Electric C-Bus Home Automation products, EcoStruxure Cybersecurity Admin Expert, EcoStruxure Power Commission software, and the Data Server module for the IGSS product. Highest CVSSv3 score of 9.8.
More info. And info. And info. And info.

Mitsubishi Electric 

An improper resource locking vulnerability allows a remote attacker to cause a DoS in MELSEC-Q and L series CPU modules. CVSSv3 score of 7.5.
More info.

Linux 

SUSE has updated grub2. More info.
OpenSUSE has updated grub2. More info.
Mageia has updated the kernel. More info.


