Tag: All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe Reflection 2. RISK EVALUATION…

Read more →

Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Use of Client-Side Authentication, Improper Access…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow web…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker…

Read more →

Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: ABB Equipment: 800xA Base Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1…

Read more →

CISA released two Industrial Control Systems (ICS) advisories on June 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-177-01 ABB Ability System 800xA ICSA-24-177-02 PTC Creo Elements/Direct License Server CISA encourages users…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to execute arbitrary OS…

Read more →

Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review…

Read more →