
CND News and Blog

New Vulnerabilities Tuesday 29 November


New Alerts for Festo, Mitsubishi Electric, Moxa, Microsoft Edge (Exploit), F5, and NetApp.

Festo 

In multiple Festo products, a remote unauthenticated attacker could use functions of undocumented protocols, which could lead to a complete loss of confidentiality, integrity and availability. CVSSv3 score of 9.8.
The solution is to update the documentation.
More info.

Several products are shipped with an unsafe configuration of the integrated CODESYS Runtime environment. In this configuration no default password is set on the CODESYS PLC, so access without authentication is possible. Highest CVSSv3 score of 9.8.
More info.

Mitsubishi Electric 

A DoS vulnerability exists in the MELSEC iQ-R Ethernet Interface Module. It allows a remote unauthenticated attacker to cause a DoS by sending specially crafted packets. CVSSv3 score of 8.6.
More info.

Moxa 

Moxa Secure Router EDR and TN Series contain an improper input validation vulnerability that could allow a remote attacker to cause a buffer overflow that crashes the web service.
This is a different bulletin than yesterday's.
More info.

Microsoft Exploit

Microsoft has updated Edge to fix the latest exploited vulnerability in Chromium.
More info.

F5 

A flaw in the BIG-IP named resolver code can cause it to spend an excessive amount of time processing large delegations. By flooding the target resolver with queries that exploit this flaw, an attacker can deny legitimate clients access to the DNS resolution service. CVSSv3 score of 5.3.
No patches yet.
More info.

NetApp 

NetApp has published 6 new bulletins identifying 5 vulnerabilities in Brocade SANnav and a vulnerability in Samba included in their products.
More info.


