New Vulnerabilities Tuesday 21 June


New Alerts for IBM, Squid, Phoenix Contact, and Weidmüller.

IBM 

IBM Cloud Pak for Business Automation has been updated to address several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Squid

Due to improper buffer management Squid is vulnerable to a DoS attack when processing Gopher server responses. CVSSv3 score of 9.8
More info.

Phoenix Contact 

ProConOS/ProConOS eCLR was designed without integrity and authentication checks, allowing attackers to upload logic with arbitrary malicious code and modify programs in some controllers. CVSSv3 score of 9.8
More info. And here. And here. And here.

Phoenix Contact classic line industrial controllers don't feature a function to check integrity and authenticity of uploaded logic.
More info. And here.

Weidmüller 

An out-of-bounds write vulnerability has been discovered in third-party software EtherNet/IP Adapter Development Kit that affects Weidmüller Remote I/O Fieldbus Couplers EtherNet/IP. This vulnerability may allow an attacker to send a specially crafted packet that may result in a DoS. CVSSv3 score of 9.8
More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Find Out More

© Computer Network Defence Limited 2022