New Alerts for MB Connect, Advantech, Westermo, Hitachi Energy, Splunk, Fortinet, and Linux.
We have raised a Subject Alert for potential cyber activity from Iran and Israel increasing during the ceasefire.
MB Connect
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can allow a remote attacker to obtain limited sensitive information and cause a DoS. CVSSv3 score of 8.2
More info. And here.
Helmholz has published a bulletin for their use of this software.
More info.
Several vulnerabilities have been identified in the WISE-4000LAN product line, including vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
EDW-100 and EDW-120 serial to Ethernet converters contain vulnerabilities in AllegroSoft RomPager that could cause a DoS. CVSSv3 score of 7.5
More info.
Hitachi Energy Relion 670/650 and SAM600-IO series IED device contains a vulnerability that allows a remote attacker to cause a DoS. CVSSv4 score of 8.7
More info.
MSM is affected by a 2020 vulnerability in jQuery that could allow a remote attacker to impact the confidentiality, integrity or availability of MSM. CVSSv3 score of 6.1
More info.
Splunk has published 4 third-party software bulletins, 1 rated Critical, 2 rated High, and 1 rated Medium.
More info.
A stack-based overflow vulnerability in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets. CVSSv3 score of 6.7
More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Amazon Linux 2 and Amazon Linux 2023 have updated the kernel. More info. And here.
