Latest News

### Impact When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, ``` java -cp /app ... Djavax.net.ssl.trustStorePassword=<Password> ``` The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the following default regular expression to detect and redact sensitive data from process commands: ``` (?i)(password|passwd|token) ``` Also, you can define custom patterns to redact by creating a Kubernetes ConfigMap. For example: ``` kubectl create configmap neuvector-custom-rules --from-file=secret-patterns.yaml -n neuvector ``` Sample `secret-patterns.yaml` content: ``` Pattern_list: - (?i)(pawd|pword) - (?i)(secret) ``` NeuVector uses the default and custom regex to decide whether the process command in a security event should be redacted. **Note:** If numerous regular expression (regex) patterns are configured in the Kubernetes ConfigMap for extended coverage ...

### Impact NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed). NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm to create the hash value for the following actions: - Creating a user - Updating a user’s password - Creating an API key **Note:** After upgrading to NeuVector 5.4.6, users must log in again so that NeuVector can regenerate the password hash. For API keys, you must send at least one request per API key to regenerate its hash value. ### Patches This issue is fixed in NeuVector version **5.4.6** and later. ### Workarounds There is no workaround. Upgrade to a patched version of NeuVector as soon as possible. ### References If you have any questions or comments about this advisory: - Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/securit...

A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked…

Make sure your Chrome browser is updated to the latest version to stay protected.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of GE Vernova's CIMPLICITY, HMI/SCADA software, are affected: CIMPLICITY: Versions 2024, 2023, 2022, 11.0 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 CIMPLICITY versions 2024, 2023, 2022, and 11.0 are vulnerable to an Uncontrolled Search Path Element exploit that could allow a low-level attacker to escalate their privileges. CVE-2025-7719 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-7719. A base score of 7 has been calculated; the CVSS ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: COMMGR Vulnerabilities: Stack-based Buffer Overflow, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics COMMGR are affected: COMMGR: Versions v2.9.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics COMMGR versions 2.9.0 and prior are vulnerable to a Stack-based Buffer Overflow vulnerability that could allow an attacker to execute arbitrary code by crafting specially designed .isp files. CVE-2025-53418 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). A CVSS v4 score has also been calculated for CVE-2025-53418. A base score of 8.8 has b...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Saitel DR RTU: versions 11.06.29 and prior Schneider Electric Saitel DP RTU: versions 11.06.34 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 An improper privilege management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts. CVE-2025-8453 has been assigned to this vulnerability. A CVSS v3.1 base...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics CNCSoft-G2 are affected: CNCSoft-G2: Version 2.1.0.20 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Delta Electronics CNCSoft-G2 is vulnerable to a flaw in the parsing of DPAX files that allows attackers to execute arbitrary code. This vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file. Exploitation of this flaw can result in memory corruption and code execution within the context of the current process. CVE-2025-47728 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series CPU module Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the attacker may be able to stop the operations of programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following versions of MELSEC iQ-F Series CPU module are affected: MELSEC iQ-F Series FX5U-32MT/ES: All versions MELSEC iQ-F Series FX5U-32MT/DS: All versions MELSEC iQ-F Series FX5U-32MT/ESS: All versions MELSEC iQ-F Series FX5U-32MT/DSS: All versions MELSEC iQ-F Series FX5U-64MT/ES: All versions MELSEC iQ-F Series FX5U-64MT/DS: All versions ME...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series CPU module Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following versions of MELSEC iQ-F Series are affected: MELSEC iQ-F Series FX5U-32MT/ES: 1.060 and later MELSEC iQ-F Series FX5U-32MT/DS: 1.060 and later MELSEC iQ-F Series FX5U-32MT/ESS: 1.060 and later MELSEC iQ-F Series FX5U-32MT/DSS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/ES: 1.060 and later MELSEC iQ-F Series FX5U-64MT/DS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/ESS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/DSS: 1.060 and later MELSEC iQ-F Series FX5U-80MT/ES...