By michele654 on Wednesday, 17 August 2022
Category: Vulnerabilities

New Vulnerabilities Wednesday 17 August


Splunk Quarterly Patches are out. New Alerts for Google Chrome, LS Electric, Softing, B&R Automation, WAGO, Sequi, and Linux.

Google - Exploit

Google has published a security update for Chrome for Desktop that addresses 11 security vulnerabilities, at least 1 rated Critical and 1 currently being exploited.
More info.

Microsoft is aware and working to update Edge. More info.

LS Electric 

LS Electric LS ELEC PLC and XG5000 contain an Inadequate Encryption Strength for passwords vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to decrypt credentials and gain full access to the affected PLC. CVSSv3 score of 6.5
More info.

Softing 

Softing Secure Integration Server contains several vulnerabilities that can be exploited by a remote attacker to cause a DoS. CVSSv3 score of 7.5
More info. And here.

Several Softing products ship with the default administrator credentials. Upon installation or upon first login, the application does not ask the user to change the `admin` password. On top of this, there is no warning or prompt to ask the user to change the default password, and in order to change the password, many steps are required. CVSSv3 score of 9.8
More info.

Splunk 

Splunk Quarterly Patches are out, with 3 bulletins, 1 rated High, 1 Medium, and 1 Low. Highest CVSSv3 score of 7.4
More info.

B&R Automation 

B&R Industrial Automation Automation Studio 4 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A remote attacker may use spoofing techniques to connect B&R Automation Studio to an attacker-controlled device with manipulated project files. This may result in RCE, information disclosure, and DoS of the system running B&R Automation Studio. CVSSv3 score of 8.3
More info.

WAGO 

Several WAGO products include CODESYS versions with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Sequi 

Sequi PortBloque S contains Improper Authentication and Improper Authorization vulnerabilities. Successful exploitation of these vulnerabilities could result in unauthorized changes to device configuration, including adding new users or changing existing passwords for persistent access to the device. Highest CVSSv3 score of 9.9
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
