Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination….
Siemens SIMATIC WinCC
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to lock other users out of the system and take over their accounts….
ICS Advisory (ICSA-22-090-01)
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exfiltration of data from local files to a remote system controlled by an attacker….
Security expert discovered Kernel Level Privilege Escalation vulnerability in the Availability Suite Service component of Oracle Solaris 10 and 11.3
Security researchers from Trustwave have discovered a new high severity vulnerability, tracked as CVE-2018-2892, that affected the Availability Suite Service component in Oracle Solaris 10 and 11.3. The flaw could be exploited by a remote authenticated attacker to execute code with elevated privileges. “A local…
Apache Tomcat Patches Important Security Vulnerabilities
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java…