CISA released two Industrial Control Systems (ICS) advisories on February 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-032-01 Gessler GmbH WEB-MASTER ICSA-24-032-03 AVEVA Edge products (formerly known as InduSoft Web Studio) CISA encourages…
Category: All CISA Advisories
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-48618 Apple Multiple Products Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden…
New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices (CVE-2023-46805 and CVE-2024-21887). Threat actors are continuing to leverage vulnerabilities…
Mitsubishi Electric MELSEC WS Series Ethernet Interface Module
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC WS Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to login to the…
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX OPC Server DA/UA…
Emerson Rosemount GC370XA, GC700XA, GC1500XA
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network…
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Juniper Networks released a security bulletin to address multiple vulnerabilities for J-Web in Junos OS SRX Series and EX Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users…
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to…
Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products
Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unified Communications…