New Vulnerabilities Wednesday 22 June


New Alerts for JTEKT, QNAP, Google, Siemens, Xerox, and HPE.

JTEKT 

JTEKT TOYOPUC products contain a Missing Authentication for Critical Function vulnerability, known as "OT:ICEFALL". The vulnerability could allow an attacker to change controller configurations, manipulate data, cause a DoS, or execute arbitrary machine code. CVSSv3 score of 7.7.
More info.

QNAP 

QNAP QTS, QuTScloud, and QuTS hero contain insecure versions of PHP that would allow a remote attacker to gain remote code execution. CVSSv3 score of 9.8.
Note that to be vulnerable, the customer needed to install nginx, so QNAP rates this Low.
More info. And here.

Google 

Google has updated Chrome for Desktop with 14 security fixes, at least 1 rated Critical.
More info.

Microsoft is aware and is working on an update for Edge. More info.

Siemens 

SIMATIC WinCC OA implements client-side-only authentication when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. CVSSv3 score of 9.8.
More info.

Xerox 

Xerox has updated the Oracle software in FreeFlow Print Servers.
More info.

HPE 

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms, which could lead to remote unauthorized access. CVSSv3 score of 3.7.
More info.




© Computer Network Defence Limited 2022