Mitsubishi Electric MELSEC-Q Series PLCs (Update A)
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to the device, causing Ethernet communication to stop. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MELSEC-Q series PLCs are affected: 3.2 VULNERABILITY OVERVIEW…
Mitsubishi Electric FA Engineering Software
2. RISK ASSESSMENTExploiting this vulnerability successfully could enable a local attacker to execute code, potentially leading to information exposure, unauthorized data alterations, or triggering a denial-of-service (DoS) scenario. 3. TECHNICAL SPECIFICATIONS 3.1 IMPACTED PRODUCTSThe subsequent versions of Mitsubishi Electric’s FA Engineering Software Solutions are affected:…
Siemens Spectrum Power 7
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code to the update script and escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: 3.2 Vulnerability Overview 3.2.1 Incorrect Permission…
Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061
Description A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited….
VMware Releases Security Updates for Aria Operations for Networks
3a. Vulnerability: Aria Operations for Networks Authentication Bypass (CVE-2023-34039) 3b. Vulnerability: Aria Operations for Networks Arbitrary File Write (CVE-2023-20890)
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of service condition. CISA encourages users and administrators to review the following advisories and…
APSystems Altenergy Power Control
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Altenergy Power Control software are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS…
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Security Assessment of Schneider Electric Products Summary of Findings: During a security assessment of Schneider Electric’s EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers, several vulnerabilities were discovered. These vulnerabilities involve improper checks for unusual or exceptional conditions and could potentially lead to unauthorized access,…
Oracle Releases Security Updates
Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. Oracle Linux Bulletin – July 2023…
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. CISA encourages users and administrators to review the following…
Stay connected