Source

us-cert

AVEVA Plant SCADA and AVEVA Telemetry Server

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AVEVA
Equipment: AVEVA Plant SCADA and AVEVA Telemetry Server
Vulnerability: Improper Authorization

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated user to read data, cause a denial of service, and tamper with alarm states.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AVEVA Plant SCADA and AVEVA Telemetry Server are affected:
AVEVA Plant SCADA 2023, AVEVA Plant SCADA 2020R2 Update 10 and all prior versions.
AVEVA Telemetry Server 2020 R2 SP1 and all prior versions

3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER AUTHORIZATION CWE-285
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server contain an improper authorization vulnerability, which if exploited, could allow an unauthenticated user to remotely read data, cause a denial-of-service condition, and tamper with alarm states.
CVE-2023-1256 has been as...

Autodesk FBX SDK

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Autodesk
Equipment: FBX SDK
Vulnerability: Out-of-bounds Read, Use After Free, Out-of-bounds Write

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to code execution or a denial-of-service condition. Products using Autodesk FBX SDK software are affected by these vulnerabilities.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following product versions are affected:
Autodesk FBX SDK versions 2020 and prior
Luxion KeyShot version 11.3 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read vulnerability in versions of Autodesk FBX SDK prior to version 2020 could result in code execution or information disclosure through maliciously crafted FBX files. This vulnerability, if exploited alongside other vulnerabilities, could also result in code execution in the context of the current process.
CVE-2022-41302...

Philips Vue PACS (Update C)

This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.