CND News and Blog

New Vulnerabilities Wednesday 13 December


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Fortinet (Exploit), Citrix (Exploit), Hitachi Energy, Phoenix Contact, IBM, Hitachi, and Linux.

Monthly Patches for Microsoft and Adobe are expected this afternoon, Palo Alto Networks is expected tomorrow.

Fortinet Exploit

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. CVSSv3 score of 9.3. This has been exploited in the wild.
More info.

Citrix Exploit

A vulnerability has been discovered in Citrix Gateway and Citrix ADC that could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. There are targeted attacks in the wild.
More info. And here.

Siemens 

Siemens Monthly Patches contain 20 new bulletins and 20 updated bulletins. Highest CVSSv3 score of 9.8
More info.

A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. CVSSv3 score of 7.5
More info.

A TCP sequence vulnerability in the APOGEE PXC and TALON TC series of products could allow an attacker to execute a denial of service attack by sending specially crafted packets to the device. CVSSv3 score of 6.5
More info.

Multiple vulnerabilities affecting third-party components of the SCALANCE SC-600 family could allow an attacker to cause a DoS, corrupt memory or potentially execute custom code. Highest CVSSv3 score of 7.8
More info.

SCALANCE X-200RNA switch devices contain multiple OpenSSL and OpenSSH vulnerabilities. These vulnerabilities could allow a DoS condition or could lead to execution of arbitrary code. CVSSv3 score of 9.8
More info.

Affected SIMATIC firmware contains multiple vulnerabilities that could allow a remote attacker to perform a DoS attack. CVSSv3 score of 7.5
More info.

SCALANCE X-200RNA switch devices contain multiple vulnerabilities that could allow an attacker to cause a DoS, to extract sensitive information or to hijack existing sessions. Highest CVSSv3 score of 8.8
More info.

SICAM PAS/PQS is affected by three vulnerabilities which could lead to remote code execution, privilege escalation or a DoS. Highest CVSSv3 score of 8.8
More info.

Schneider Electric 

Schneider Electric Monthly Patches contain 3 new bulletins and 8 updated bulletins. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities exist in APC Easy UPS Online Monitoring Software. A remote attacker could attain remote code execution, escalation of privileges, or authentication bypass. Highest CVSSv3 score of 9.8
More info.

SAP 

SAP Security Patch Day contains 14 new security notes and 4 updated. Of the new bulletins, 4 are rated Hot News, 3 are High, and 7 are Medium. Highest CVSSv3 score of 9.9
More info.

Hitachi Energy 

Hitachi Energy is aware of multiple vulnerabilities related to the OpenSSL library and zlib. Successful exploitation may cause a DoS or allow arbitrary code execution. Highest CVSSv3 score of 9.8
More info.

Phoenix Contact 

Two vulnerabilities have been discovered in the Expat XML parser library included in Profinet SDK. A remote attacker could cause a program to crash, use unexpected values or execute code. Highest CVSSv3 score of 9.8
More info. And here.

IBM 

IBM App Connect Enterprise is vulnerable to attack by a remote attacker because of the xmldom module. CVSSv3 score of 9.4
More info.

Hitachi 

A vulnerability in Apache HTTP Server exists in JP1 and Hitachi IT Operations Director. CVSSv3 score of 9.8
More info.

Linux 

Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
