Category: Good news

ABB–RobotWare 6  An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5-…

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…

CISA released two Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

MS-ISAC ADVISORY NUMBER: 2024-115 DATE(S) ISSUED: 10/10/2024 OVERVIEW: A vulnerability has been discovered in Mozilla Firefox which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install…

CISA released twenty-one Industrial Control Systems (ICS) advisories on October 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-284-01 Siemens SIMATIC S7-1500 and S7-1200 CPUs ICSA-24-284-02 Siemens Simcenter Nastran ICSA-24-284-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-284-04 Siemens SENTRON PAC3200 Devices ICSA-24-284-05 Siemens Questa and ModelSim ICSA-24-284-06 Siemens…

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence…

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

MS-ISAC ADVISORY NUMBER: 2024-114 DATE(S) ISSUED: 10/08/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti EPMM is a mobile device management solution designed to secure mobile devices, apps and content. Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure…

MS-ISAC ADVISORY NUMBER: 2024-113 DATE(S) ISSUED: 10/08/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…