CND News and Blog

New Alerts for Mitsubishi Electric, IBM, NETGEAR, and Tenable. Mitsubishi Electric  An authentication bypass vulnerability exists in the MELSEC-F Series main modules. A remote attacker may be able to login to the product by sending specially crafted packets. CVSSv3 score of 7.5More info. IBM  IBM Watson Speech Services Cartridge and Disco...

New Alerts for Supermicro, Bosch, and NETGEAR. Supermicro  A vulnerability in select supermicro boards may affect SMTP notification configurations. The vulnerability may allow an unauthenticated attacker to control user inputs such as the subject in the alert settings which may lead to arbitrary code execution. Supermicro rates this High.More ...

New Alerts for Google Chrome, Hitachi Energy, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info.Microsoft is aware. More info. Hitachi Energy  Hitachi Energy has published 4 new bulletins identifying vulnerabiltiies in OpenSSL in their products. Highest CVSSv3 score of 7.5Only 1 bull...

New Alerts for WAGO and Dell. WAGO  A remote attacker with network access to port 502/TCP of the target device can cause a DoS by sending multiple specially crafted packets. CVSSv3 score of 7.5More info. Dell  Dell Networker remediation is available for multiple vulnerabilities in Spring Security that could be exploited by a remote attack...

New Alerts for Crestron, Fortinet, Advantech, and Sierra Wireless. Crestron  Crestron x70 series of Touch Panels have inadvertently enabled diagnostic ports in firmware version 2.004.1026. This could potentially allow unauthorized individuals to run uncertified applications on the device.More info. Fortinet  A deserialization of untrusted...

New Alerts for Apple (Exploit), Cisco, VMware, Juniper, NetApp, and Linux. Apple Exploit Apple has published security patches for Safari, iOS, iPadOS, macOS, and watchOS. Three vulnerabilities are actively exploited, 2 of those allow code execution. Highest CVSSv3 score of 9.8More info. And here. Cisco  Multiple vulnerabilities in the web-base...

New Alerts for Enphase, SICK, IBM, BIND, Xerox, and Linux. Enphase  Enphase Installer Toolkit has hard coded credentials embedded in binary code in the Android application. A remote attacker can exploit this and gain access to sensitive information. CVSSv3 score of 8.6More info. SICK  Vulnerabilities exist in the SICK EventCam App, that c...

New Alerts for Mitsubishi Electric, IBM, Zyxel, D-Link, Siren, ASUS, and Linux. Mitsubishi Electric  Several MELSEC IQ products have been added to a previous bulletin. A remote attacker can login to FTP server or Web server due to plaintext storage of passwords. CVSSv3 score of 7.5More info. IBM  IBM Cloud Pak for Network Automation 2.4.7...

New Alert for HPE. HPE  The MC990X and UV300 RMC component had an outdated OpenSSL and inadequate default configuration. Highest CVSSv3 score of 7.5More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of o...

New Alerts for Progess MOVEit, NetApp, and Node.js. Progress  Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. CVSSv3 score of 9.8More info. NetApp  NetApp has published 6 new bulletins identifying vulnerabilities in third-party softwar...

Monthly Patches are out for Palo Alto Networks. New Alerts for Hikvision, Microsoft (Edge), QNAP, Lenovo, Riello UPS, and Linux. Palo Alto Networks  Palo Alto Networks Monthly Patches include 2 bulletins, both rated Medium. Highest CVSSv3 score of 6.7More info. Hikvision  Some of Hikvision's access control/intercom products contain two se...

Monthly Patches are out for Microsoft, Adobe, and Google Pixel. New Alerts for Rockwell Automation, Google Chrome, IBM, and Linux. Microsoft  Microsoft has published their Monthly Patches with 73 vulnerabilities. Six of these vulnerabilities are rated as Critical, in Visual Studio, .net, and Windows PGM. Highest CVSSv3 score of 9.8More info. A...

Monthly Patches are out for Fortinet, Siemens, Schneider Electric, and SAP. New Alerts for HPE, Xerox, Citrix, Phoenix Contact, Apache Struts, and Linux. Fortinet  Fortinet has published their Monthly Patches with 21 bulletins, 1 rated Critical, 7 rated High, 11 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.2More info. A heap-based ...

New Alert for Fortinet. Fortinet  Fortinet has published a patch for a RCE vulnerability in Fortigate devices when SSL-VPN is enabled. CVSSv3 score of 9.8More info. And here. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mob...

New Alerts for Atlas Copco, Johnson Controls, NetApp, and Linux. Atlas Copco  Power Focus 6000 contains several vulnerabilities, including Cleartext Storage and Transmission of Sensitive Information, and Small Space of Random Values. Successful exploitation of these vulnerabilities could cause a loss of sensitive information and the takeover o...

New Alerts for Cisco, Trellix, VMware, IBM, Google ChromeOS, and Barracuda (Exploit). Cisco  Cisco has released 7 new bulletins, 1 rated Critical, 3 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.6More info.A vulnerability in the XCP Authentication Service of the Cisco Unified CM IM&P could allow a remote attacker to cause a DoS...

Monthly Patches are out for MediaTek. New Alerts for Mozilla, Microsoft Edge (Exploit), IBM, and Linux. MediaTek  MediaTek Monthly Patches are out with 31 vulnerabilities rated Medium.More info. Mozilla  Mozilla has published patches for security vulnerabilities in Firefox and Firefox ESR, both rated High.More info. Microsoft  Micros...

Monthly Patches are out for Android and Samsung (Exploit). New Alerts for Google Chrome (Exploit), GitLab, GE Gas Power, Xerox, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 2 security vulnerabilities. Exploits exist in the wild, and can lead to arbitrary code execution.More info. And here.Microsoft is aware. More info.Mont...

Monthly Patches are out for Qualcomm. New Alerts for Moxa, Softing, Microsoft Edge, IBM, Dell, and Linux. Qualcomm  Qualcomm Monthly Patches are out with 26 patches, 5 rated Critical, 15 rated High, and 6 rated Medium. Highest CVSSv3 score of 8.4More info. Moxa  CN2600 Series contains a vulnerability that would allow a remote attacker to ...

Quarterly Patches are out for Splunk. New Alerts for IBM, D-LINK, and STARFACE PBX. Splunk  Splunk patches are out with 15 bulletins, 1 rated Critical, 7 rated High, 6 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.8More info. IBM  IBM Edge Application Manager addresses a security vulnerability in Webpack. CVSSv3 score of 9.1Mor...