New Alerts for IBM, Squid, Phoenix Contact, and Weidmüller.
IBM
IBM Cloud Pak for Business Automation has been updated to address several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Due to improper buffer management Squid is vulnerable to a DoS attack when processing Gopher server responses. CVSSv3 score of 9.8
More info.
ProConOS/ProConOS eCLR was designed without integrity and authentication checks, allowing attackers to upload logic with arbitrary malicious code and modify programs in some controllers. CVSSv3 score of 9.8
More info. And here. And here. And here.
Phoenix Contact classic line industrial controllers don't feature a function to check integrity and authenticity of uploaded logic.
More info. And here.
An out-of-bounds write vulnerability has been discovered in third-party software EtherNet/IP Adapter Development Kit that affects Weidmüller Remote I/O Fieldbus Couplers EtherNet/IP. This vulnerability may allow an attacker to send a specially crafted packet that may result in a DoS. CVSSv3 score of 9.8
More info.