Tag
#perl
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC 4 Compact Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIPROTEC 4 6MD61: All versions SIPROTEC 4 7SJ62: All versions SIPROTEC 4 7SJ63: All versions SIPROTEC 4 7SJ64: All versions SIPROTEC 4 7SJ66: All versions SIPROTEC 4 7SS52: All versions SIPROTEC 4 7ST6: All...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIPROTEC 5 6MD84 (CP300): Versions prior to V10.0 SIPROTEC 5 7SD82 (CP150): Versions prior to V10.0 SIPRO...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SINUMERIK Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SINUMERIK 828D PPU.4: Versions prior to V4.95 SP5 SINUMERIK 828D PPU.5: Versions prior to V5.25 SP1 SINUMERIK 840D sl: Versions prior to V4.95 SP5 SINUMERIK MC: V...
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse. Your
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.
A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…
### Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor impersonation across all Fedify instances ### Details The vulnerability exists in handleInboxInternal function in fedify/federation/handler.ts. The critical flaw is in the order of operations: 1. Line 1712: routeActivity() is called first, which processes the activity (either immediately or by adding to queue) 2. Line 1730: Authentication check (doesActorOwnKey) happens AFTER processing ```ts // fedify/federation/handler.ts:1712-1750 const routeResult = await routeActivity({ // ← Activity processed here context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvi...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yealink Equipment: IP Phones Vulnerability: Improper Restriction of Excessive Authentication Attempts, Allocation of Resources Without Limits or Throttling, Incorrect Authorization, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yealink IP products are affected: SIP-T19P_E2: Versions prior to 53.84.0.121 SIP-T21P_E2: Versions prior to 52.84.0.121 SIP-T23G: Versions prior to 44.84.0.121 SIP-T40G: Versions prior to 76.84.0.121 SIP-T40P: Versions prior to 54.84.0.121 SIP-T27G: Versions prior to 69.84.0.121 SIP-T41S: Versions prior to 66.84.0.121 SIP-T42S: Versions prior to 66.84.0.121 SIP-T46S: Versions prior to 66.84.0.121 SIP- T48S: Versions prior to 66.84.0.121 SIP-CP920: Versions prior to 78.84.0.121 SIP-T53: Versions p...
The Hague, Netherlands, 7th August 2025, CyberNewsWire