Security
Headlines
HeadlinesLatestCVEs

Latest News

Yokogawa Recorder Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa recorder products are affected: GX10 / GX20 / GP10 / GP20 Paperless Recorders: Versions R5.04.01 and earlier GM Data Acquisition System: Versions R5.05.01 and earlier DX1000 / DX2000 / DX1000N Paperless Recorders: Versions R4.21 and earlier FX1000 Paperless Recorders: Versions R1.31 and earlier μR10000 / μR20000 Chart Recorders: Versions R1.51 and earlier MW100 Data Acquisition Units: All versions DX1000T / DX2000T Paperless Recorders: All versions ...

us-cert
#vulnerability#web#perl#auth
Schneider Electric ConneXium Network Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager Vulnerabilities: Files or Directories Accessible to External Parties, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data, escalate privileges, or perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric ConneXium Network Manager: Version 2.0.01 (CVE-2025-2222) Schneider Electric ConneXium Network Manager: All versions (CVE-2025-2223) 3.2 VULNERABILITY OVERVIEW 3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552 CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following a Man-In-The-Middle attack. CVE-2025-2222 has b...

Schneider Electric Sage Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Sage series Vulnerabilities: Out-of-bounds Write, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Default Permissions, Unchecked Return Value, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the impacted device, leading to loss of data, loss of operation, or impacts to the performance of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Sage 1410: Versions C3414-500-S02K5_P8 and prior Sage 1430: Versions C3414-500-S02K5_P8 and prior Sage 1450: Versions C3414-500-S02K5_P8 and prior Sage 2400: Versions C3414-500-S02K5_P8 and prior Sage 4400: Versions C3414-500-S02K5_P8 and prior Sage 3030 Magnum: V...

Schneider Electric Trio Q Licensed Data Radio

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Trio Q Licensed Data Radio Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or affect the availability of the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Trio Q Licensed Data Radio: Versions prior to 2.7.2 3.2 VULNERABILITY OVERVIEW 3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922 An insecure storage of sensitive information vulnerability exists that could potentially lead to unauthorized access to confidential data when a malicious user with physical access and advanced knowledge of the filesystem sets the radio to factory default mode. CVE-2025-24...

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater,

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine

Blockchain Offers Security Benefits – But Don't Neglect Your Passwords

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.

This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops

Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH