CND News and Blog

New Vulnerabilities Thursday 13 July

Monthly Patches are out for Juniper Networks. New Alerts for Cisco, Apple (Exploit), Dell, SonicWall, Setelsa Security, NETGEAR, vm2, Wireshark, and Linux. Cisco: A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a remote attacker to gain read permissions or limited write per...


New Vulnerabilities Wednesday 12 July

Monthly Patches are out for Microsoft and Adobe. New Alerts for Fortinet, Technicolor, Rockwell Automation, and Linux. It appears Apple pulled yesterday's RSR patch from the update servers. Microsoft (Exploit): Microsoft Monthly Patches are out, with 132 patched vulnerabilities, 9 rated Critical and 6 exploited in the wild. Highest CVSSv3 score of 9.8...


New Vulnerabilities Tuesday 11 July

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple (Exploit), IBM, Mozilla, BD, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens: Siemens Monthly Patches are out, with 5 new bulletins and 12 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8. More info. D...


New Vulnerabilities Monday 10 July

New Alerts for SICK, Aruba, and Asterisk. Tomorrow is Patch Tuesday. SICK: Several security vulnerabilities have been found in the SICK ICR890-4. If exploited, these could allow a remote attacker to compromise the availability or confidentiality of the SICK ICR890-4. Highest CVSSv3 score of 8.6. More info. Aruba: HPE Aruba Networking has re...


New Vulnerabilities Friday 07 July

New Alerts for PiiGAB, VMware, Atos, IBM, NetApp, and Linux. PiiGAB: M-Bus SoftwarePack 900s contains multiple vulnerabilities that allow a remote attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands. CVSSv3 score of 9.8. More info. VMware: VMware SD-WAN contains a bypass authentica...


New Vulnerabilities Thursday 06 July

Monthly Patches are out for Google Android, Pixel, Android Automotive OS, and Samsung. New Alerts for Cisco, Unitronics, Dell, and Linux. Google: Android Monthly Patches are out, with 27 vulnerabilities, 1 rated Critical and 26 rated High, plus Qualcomm, MediaTek, Arm, and Imagination Technologies patches. More info. Pixel Monthly Patches includ...


New Vulnerabilities Wednesday 05 July

New Alerts for Frauscher Sensortechnik, Poly, Dell, and Linux. Frauscher Sensortechnik: FDS001 for FAdC/FAdCi is vulnerable to an unauthenticated path traversal in the web interface via a crafted URL. This enables a remote attacker to read all files on the filesystem of the FDS001 device. CVSSv3 score of 7.5. No patch, don't ...


New Vulnerabilities Tuesday 04 July

New Alerts for Bosch/Rexroth, Dell, Mozilla, and Linux. Bosch: The SLC-0-GPNT00300 is affected by a missing authentication for a critical function vulnerability in third-party software from SICK AG. Exploiting the vulnerability would allow a remote attacker to change the IP address of the device and affect the availability of the module. CVSSv...


New Vulnerabilities Monday 03 July

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for SoftEther, Moxa, IBM, Dell, and NetApp. SoftEther: SoftEther VPN and PacketiX VPN contain multiple vulnerabilities in the VPN Client function and the Dynamic DNS Client function included in the VPN server. Highest CVSSv3 score of 8.1. More info. And here. Qualcomm: Qualcomm Monthly P...


New Vulnerabilities Friday 30 June

New Alerts for Medtronic, Delta Electronics, GitLab, Microsoft Edge, IBM, Synology, Tenable, and Linux. Medtronic: Medtronic has identified a vulnerability in an optional messaging feature in the Paceart Optima cardiac device data workflow system. This vulnerability could result in the system's cardiac device data being deleted, stolen, or mod...


New Vulnerabilities Thursday 29 June

New Alerts for Mitsubishi Electric, IBM, NETGEAR, and Tenable. Mitsubishi Electric: An authentication bypass vulnerability exists in the MELSEC-F Series main modules. A remote attacker may be able to log in to the product by sending specially crafted packets. CVSSv3 score of 7.5. More info. IBM: IBM Watson Speech Services Cartridge and Disco...


New Vulnerabilities Wednesday 28 June

New Alerts for Supermicro, Bosch, and NETGEAR. Supermicro: A vulnerability in select Supermicro boards may affect SMTP notification configurations. The vulnerability may allow an unauthenticated attacker to control user inputs such as the subject in the alert settings, which may lead to arbitrary code execution. Supermicro rates this High. More ...


New Vulnerabilities Tuesday 27 June

New Alerts for Google Chrome, Hitachi Energy, IBM, and Linux. Google: Google has updated Chrome for Desktop to fix 4 security vulnerabilities. More info. Microsoft is aware. More info. Hitachi Energy: Hitachi Energy has published 4 new bulletins identifying vulnerabilities in OpenSSL in their products. Highest CVSSv3 score of 7.5. Only 1 bull...


New Vulnerabilities Monday 26 June

New Alerts for WAGO and Dell. WAGO: A remote attacker with network access to port 502/TCP of the target device can cause a DoS by sending multiple specially crafted packets. CVSSv3 score of 7.5. More info. Dell: Dell Networker remediation is available for multiple vulnerabilities in Spring Security that could be exploited by a remote attack...


New Vulnerabilities Friday 23 June

New Alerts for Crestron, Fortinet, Advantech, and Sierra Wireless. Crestron: The Crestron x70 series of Touch Panels has diagnostic ports inadvertently enabled in firmware version 2.004.1026. This could potentially allow unauthorized individuals to run uncertified applications on the device. More info. Fortinet: A deserialization of untrusted...


New Vulnerabilities Thursday 22 June

New Alerts for Apple (Exploit), Cisco, VMware, Juniper, NetApp, and Linux. Apple (Exploit): Apple has published security patches for Safari, iOS, iPadOS, macOS, and watchOS. Three vulnerabilities are actively exploited, 2 of those allow code execution. Highest CVSSv3 score of 9.8. More info. And here. Cisco: Multiple vulnerabilities in the web-base...


New Vulnerabilities Wednesday 21 June

New Alerts for Enphase, SICK, IBM, BIND, Xerox, and Linux. Enphase: Enphase Installer Toolkit has hard-coded credentials embedded in binary code in the Android application. A remote attacker can exploit this and gain access to sensitive information. CVSSv3 score of 8.6. More info. SICK: Vulnerabilities exist in the SICK EventCam App, that c...


New Vulnerabilities Tuesday 20 June

New Alerts for Mitsubishi Electric, IBM, Zyxel, D-Link, Siren, ASUS, and Linux. Mitsubishi Electric: Several MELSEC IQ products have been added to a previous bulletin. A remote attacker can log in to the FTP server or Web server due to plaintext storage of passwords. CVSSv3 score of 7.5. More info. IBM: IBM Cloud Pak for Network Automation 2.4.7...


New Vulnerabilities Monday 19 June

New Alert for HPE. HPE: The MC990X and UV300 RMC component had an outdated OpenSSL and inadequate default configuration. Highest CVSSv3 score of 7.5. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of o...


New Vulnerabilities Friday 16 June

New Alerts for Progress MOVEit, NetApp, and Node.js. Progress: Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. CVSSv3 score of 9.8. More info. NetApp: NetApp has published 6 new bulletins identifying vulnerabilities in third-party softwar...
