Tag
#web
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Read, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Solid Edge SE2024: versions prior to V224.0 Update 9 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow a...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Spectrum Power 7 Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Spectrum Power 7 are affected: Spectrum Power 7: All versions prior to V24Q3 3.2 Vulnerability Overview 3.2.1 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. CVE-2024-29119 has been assigned...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Authentication, Out-of-bounds Write, Inefficient Regular Expression Complexity, Excessive Iteration, Reachable Assertion, Uncontrolled Resource Consumption, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Memory Allocation with Excessive Size Value, Heap-based Buffer Overflow, Missing Encryption of Sensitive Data, Path Traversal, Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthori...
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.
Temu is under investigation for a variety of misleading practices.
The shift to cloud means securing your organization's digital assets requires a proactive, multilayered approach.