New Alerts for JTEKT, QNAP, Google, Siemens, Xerox, and HPE.
JTEKT TOYOPUC Products contains a Missing Authentication for Critical Function vulnerability, known as "OT:ICEFALL". The vulnerabilities could allow an attacker to change controller configurations, manipulate data, cause a DoS or execute arbitrary machine code. CVSSv3 score of 7.7
QNAP QTS, QuTScloud, and QuTS hero contain insecure versions of PHP, that would allow a remote attacker to gain remote code execution. CVSSv3 score of 9.8
Note that to be vulnerable the customer needed to install nginx, so QNAP rates this Low.
More info. And here.
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. CVSSv3 score of 9.8
Xerox has updated the Oracle software in FreeFlow Print Servers.
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. CVSSv3 score of 3.7