
CND News and Blog

New Vulnerabilities Tuesday 14 November


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux.

Siemens 

Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Among the new bulletins, the highest CVSSv3 score is 9.8.
More info.

Siemens OPC UA Modeling Editor is affected by an XXE injection vulnerability that could allow a remote attacker to interfere with an application's processing of XML data and read arbitrary files in the system. CVSSv3 score of 7.5
More info.

SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.1
More info.

COMOS is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, cause data infiltration, or perform access control violations. CVSSv3 score of 9.8
More info.

SINEC PNI is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Desigo CC product family is affected by multiple vulnerabilities in WIBU Systems CodeMeter Runtime. Highest CVSSv3 score of 9.1
More info.

SIMATIC MV500 is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

SIPROTEC 4 7SJ66 devices are affected by multiple vulnerabilities in the Wind River VxWorks network stack, also known as "URGENT/11". Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Nozomi Guardian/CMC affect RUGGEDCOM APE1808 devices. Highest CVSSv3 score of 8.1
More info.

Schneider Electric 

Schneider Electric has published their Monthly Patches with 3 new bulletins. Highest CVSSv3 score of 8.2
More info.

Schneider Electric is aware of multiple vulnerabilities in EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation and EcoStruxure Power SCADA Operation - Advanced Reporting and Dashboards Module. Highest CVSSv3 score of 8.2
More info.

A vulnerability exists in the Galaxy VL and Galaxy VS products that could allow file system enumeration and file download when a remote attacker navigates to the Network Management Card via HTTPS. Highest CVSSv3 score of 5.3
More info.

Hitachi Energy 

Hitachi Energy has published 3 bulletins identifying the SOI, Ellipse, and Asset Suite products as affected by the Apache ActiveMQ vulnerability. CVSSv3 score of 10.
No patches yet.
More info.

SAP 

SAP Security Patch Day includes 3 new Security Notes and 3 updated Security Notes. Of the new Notes, 1 is rated Hot News and 2 are rated Medium. Highest CVSSv3 score of 9.6
More info.

Xerox 

Xerox has updated the FreeFlow Print Server v7 with Oracle Solaris security updates.
More info.

Zoom 

Zoom has fixed buffer overflow and uncontrolled resource consumption vulnerabilities in Zoom Clients. Highest CVSSv3 score of 4.3
More info.

Ivanti 

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM) that allows a remote attacker with knowledge of an enrolled device identifier to access and extract sensitive information. CVSSv3 score of 6.8
More info.

Linux 

SUSE has updated the firmware. More info.
OpenSUSE has updated the kernel and firmware. More info.
Red Hat has updated the kernel. More info.


