CND News and Blog

New Alerts for SonicWall, Microsoft Edge, and NetApp. SonicWall  An Unauthenticated SQL Injection vulnerability impacts SonicWall GMS and Analytics On-Prem. CVSSv3 score of 9.4More info. Microsoft  Microsoft has updated Edge with the latest chromium security fixes.More info. NetApp  NetApp has published 7 new bulletins identifying vu...

New Alerts for ICONICS, Johnson Controls, Hitachi, Veritas, WithSecure, and Linux. ICONICS  ICONICS GENESIS64, Hyper Historian, AnalytiX, IoTWorX, MobileHMI, GraphWorX64, and GenBrokerX64 contain several vulnerabilities that could result in information disclosure, RCE, or DoS. Highest CVSSv3 score of 9.8More info. Johnson Controls  Johnso...

New Alerts for Cisco, Atlassian, Apple, IBM, Dell, and Linux. Cisco  Cisco has published 7 new bulletins, 1 rated Critical, 1 rated High, 4 rated Medium, and 1 Informational.More info.Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image f...

New Alerts for Google Chrome, IBM, and Linux. Google  Google has published a security update for Chrome for Desktop with 11 security fixes, at least 5 rated High.More info.Microsoft is aware and updating Edge. More info. IBM  IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library. Highest CVSSv3 score of 9.8...

Oracle Quarterly Patches are out. New Alert for MiCODUS (0-Day).    Oracle  The Oracle Quarterly Patch set is out, with 349 fixed vulnerabilities across 138 products, 233 of which are remotely exploitable. 4 have a CVSSv3 score of 10, another 54 have CVSSv3 scores of 9.8More info. MiCODUS 0-Day MiCODUS MV720 GPS Tracker contains mult...

New Alerts for Mitsubishi Electric and Linux. Oracle Quarterly Patches are expected out this afternoon. Mitsubishi Electric  Multiple vulnerabilities exist in GENESIS64 and MC Works64. A remote attacker may cause information disclosure, DoS, or RCE. Highest CVSSv3 score of 9.8More info. Linux  Alpine Linux has published a new version with...

New Alerts for Festo, NetApp, and Linux. Festo  The Festo controller CECC product family is affected by multiple vulnerabilities in the CODESYS V3 runtime. A remote attacker may gain full access to the devices or make them unavailable. Highest CVSSv3 score of 9.8No fixes for current hardware are planned.More info. And here. NetApp  NetApp...

New Alerts for ABB, IBM, and Linux. ABB  A path traversal vulnerability exists in the implementation of the Totalflow TCP protocol in ABB G5 products. This vulnerability can allow a remote attacker to gain access to restricted directories and can lead to RCE as root. CVSSv3 score of 8.1More info. IBM  Json-schema is used by Tivoli Netcool...

Quarterly Patches are out for Juniper. New Alerts for OPC Foundation, Veritas, and Linux. The Oracle CPU Pre-release notice should be out this afternoon. Juniper  Quarterly Patches are out, with 21 bulletins, 4 rated Critical, 8 High, and 9 Medium. Highest CVSSv3 score of 10More info.Multiple vulnerabilities have been resolved in the Junos Spa...

Monthly Patches are out for Microsoft and Adobe. New Alerts for Dahua, IBM, Dell, WithSecure, and Linux. This afternoon Palo Alto Networks Monthly Patches are expected. Microsoft  Monthly Patches are out, with 86 patched vulnerabilities, 4 rated Critical, 1 actively exploited. Highest CVSSv3 score of 8.8More info. And here. And here.An RPC run...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy and F5. Monthly Patches for Microsoft and Adobe are expected this afternoon, Palo Alto Networks should be tomorrow. Siemens  Monthly Patches are out, with 19 new bulleitns and 15 updated bulletins. Of the new bulletins, 2 had a CVSSv3 score of 10.Mo...

New Alerts for Vinchen (0-Day), Lenze, Dell, and F5. Vinchin 0-Day Vinchin Backup and Recovery MySQL Server uses Hard-coded Credentials. An attacker can leverage this vulnerability to bypass authentication on the system. CVSSv3 score of 9.8More info. Lenze  Multiple Lenze products of the cabinet series skip the password verification upon secon...

New Alerts for Bentley Nevada, Node.js, Santesoft, Rockwell Automation, F5, NetApp, and Linux. Bentley Nevada  Bentley Nevada 3701/4X and 60M100 (3701/60) Condition Monitoring System contain vulnerabilities identified as OT:ICEFALL, including Use of Hard-coded Credentials and Missing Authentication. Highest CVSSv3 score of 9.1More info. Node.j...

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Cisco, HCL Software, Microsoft Edge, HPE, and LInux. Cisco  Cisco has publshed 9 new bulletins, 1 rated Critical, 1 High, and the rest Medium.More info. HCL Software  HCL BigFix WebUI is affected by security vulnerabilities around Moment, Async, and Ejs....

Monthly Patches are out for Qualcomm and Fortinet. New Alerts for Festo, IBM, Dell, WatchGuard, F5, and Linux.                  Android and Samsung patches may come out this afternoon. Festo  The Festo controller CECC-X-M1 product family is affected by a ...

New Alerts for StrangeBee, Google Chrome (Exploit), and OpenSSL.                   Not sure what happened to the Mobile patch day, maybe later this afternoon or next week. StrangeBee  A critical vulnerability has been identified in TheHive API endpoint. An attacker exploiting the vulnerability will ...

Monthly Patches are out for MediaTek. New Alerts for Lexmark and Linux. Tomorrow is Patch Day for Mobile. Lexmark  Lexmark firmware is read-only, and normally if a device is compromised a reboot should clear the issue. There is a vulnerability that allows an attacker that has already compromised the device to make their compromise persistent, ...

New Alerts for Exemys, GitLab, IBM, Tenable, Microsoft Edge, and Dell. Exemys  Exemys RME1 contains an Improper Authentication vulnerability that allows a remote attacker to use a specific credential string to bypass authentication on the web interface and perform administrative operations. CVSSv3 score of 9.8This module is EOL and will not be...

New Alerts for IBM, NetApp, NETGEAR, and Linux. IBM  Multiple vulnerabilities affect IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. Highest CVSSv3 score of 9.8More info.IBM Watson Discovery for IBM Cloud Pak for Data contains vulnerable versions of Node.js modules used in Web clients. CVSSv3 score of 9.8More info. Ne...

New Alerts for Advantech, Dell, IBM, Omron, Motorola, NETGEAR, and Node.js. Advantech  Advantech iView contains several vulnerabilities, including SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection. Successful exploitation of these vulnerabilities could allow an attacker to read or modif...