Stay connected

Trending News

Cyber Security, IoT Security, Market, Security Patches

Security content of iOS 15.7.4 and iPadOS 15.7.4 

About Apple security updates For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible. For more information…

ICS, Industrial IoT (IIoT), Market, News

Siemens RADIUS Client of SIPROTEC 5 Devices 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens ProductCERT  Equipment: RADIUS client of SIPROTEC 5 devices  Vulnerability: Loop with Unreachable Exit Condition (‘Infinite Loop’)  2. RISK EVALUATION The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that…

Critical vulnerabiliities, Cyber Security, Exploit, ICS, Market, News

Cisco Releases Security Advisory for IOS XR Software 

Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to…

Critical vulnerabiliities, Cyber Security, ICS, News

AVEVA Plant SCADA and AVEVA Telemetry Server 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: AVEVA  Equipment: AVEVA Plant SCADA and AVEVA Telemetry Server  Vulnerability: Improper Authorization  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to read data, cause a denial of service, and tamper with…

Critical vulnerabiliities

CISA Adds Three Known Exploited Vulnerabilities to Catalog 

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability CVE-2022-33891 Apache Spark Command Injection Vulnerability CVE-2022-35914 Teclib GLPI Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for…

Critical vulnerabiliities, ICS, Industrial IoT (IIoT), Market, News, Recommendations

Siemens SIMATIC Industrial Products 

1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity  Vendor: Siemens  Equipment: SIMATIC industrial products  Vulnerability: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user to potentially enable escalation of privilege via local access.  3. TECHNICAL DETAILS 3.1 AFFECTED…

ICS, Industrial IoT (IIoT), IoT Security

Mitsubishi Electric MELSOFT iQ AppPortal 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Mitsubishi Electric  Equipment: MELSOFT iQ AppPortal  Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information…

Critical vulnerabiliities, Cyber Security, ICS, News

Siemens SCALANCE X200 IRT 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SCALANCE X200 IRT Products  Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…

ICS, Industrial IoT (IIoT), IoT Security, News

Johnson Controls System Configuration Tool (SCT) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely  Vendor: Johnson Controls  Equipment:  System Configuration Tool  Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access cookies and take over the…