Critical vulnerabiliities Archives - (I)IoT Security News

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

Description A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited….

IoT, 2 weeks ago 1 min read

Critical vulnerabiliities, Cyber Security, Market

VMware Releases Security Updates for Aria Operations for Networks

3a. Vulnerability: Aria Operations for Networks Authentication Bypass (CVE-2023-34039) 3b. Vulnerability: Aria Operations for Networks Arbitrary File Write (CVE-2023-20890)

IoT, 3 weeks ago 2 min read

Critical vulnerabiliities, Exploit, ICS, IoT Security, Market, News

Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of service condition. CISA encourages users and administrators to review the following advisories and…

IoT, 1 month ago 2 min read

Critical vulnerabiliities, ICS, IoT Security, Market, News

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Security Assessment of Schneider Electric Products Summary of Findings: During a security assessment of Schneider Electric’s EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers, several vulnerabilities were discovered. These vulnerabilities involve improper checks for unusual or exceptional conditions and could potentially lead to unauthorized access,…

IoT, 2 months ago 2 min read

Critical vulnerabiliities, Cyber Security, ICS, Tools, Uncategorized

Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. Oracle Linux Bulletin – July 2023…

IoT, 2 months ago 2 min read

Critical vulnerabiliities, Cyber Security, Recommendations

ISC Releases Security Advisories for Multiple Versions of BIND 9

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. CISA encourages users and administrators to review the following…

IoT, 3 months ago 3 min read

Critical vulnerabiliities, Cyber Security, Security Patches

Fortinet Releases Security Updates for FortiOS and FortiProxy

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system. Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign Affected Platforms: FortiOSImpacted Users: Targeted at government, manufacturing,…

IoT, 3 months ago 3 min read

Critical vulnerabiliities, Cyber Security, Hacks, ICS, Market

Mitsubishi Electric MELSEC Series CPU module

1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target product by sending specially crafted packets. The attacker needs to understand the internal structure of products to…

IoT, 4 months ago 2 min read

Critical vulnerabiliities, ICS, Industrial IoT (IIoT), IoT Security, Market, News

Siemens SIMATIC Cloud Connect 7

1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND…

IoT, 4 months ago 5 min read

Critical vulnerabiliities, Exploit, ICS, Market, News, Recommendations

Siemens SCALANCE W1750D

1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or steal the unsuspecting user’s session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20…

IoT, 4 months ago 2 min read

Stay connected

Trending News

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

VMware Releases Security Updates for Aria Operations for Networks

Cisco Releases Security Advisories for Multiple Products

APSystems Altenergy Power Control

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Oracle Releases Security Updates

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

VMware Releases Security Updates for Aria Operations for Networks

Cisco Releases Security Advisories for Multiple Products

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Oracle Releases Security Updates

ISC Releases Security Advisories for Multiple Versions of BIND 9

Fortinet Releases Security Updates for FortiOS and FortiProxy

Mitsubishi Electric MELSEC Series CPU module

Siemens SIMATIC Cloud Connect 7

Siemens SCALANCE W1750D

Hot Topics

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

VMware Releases Security Updates for Aria Operations for Networks

Cisco Releases Security Advisories for Multiple Products

APSystems Altenergy Power Control

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Oracle Releases Security Updates

Categories

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

VMware Releases Security Updates for Aria Operations for Networks

Cisco Releases Security Advisories for Multiple Products

APSystems Altenergy Power Control

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Oracle Releases Security Updates

Latest

Popular

Apple iOS, iPadOS, and watchOS Wallet Code Execution CVE-2023-41061

VMware Releases Security Updates for Aria Operations for Networks

Cisco Releases Security Advisories for Multiple Products

APSystems Altenergy Power Control

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool