Latest News

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.

The Internet Archive has been hit hard by a data breach and several DDoS attacks all around the same time.

Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Security Monitor Vulnerabilities: Argument Injection, Command Injection, Path Traversal, Permissive List of Allowed Inputs 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, execute privileged commands, or compromise the integrity of the configuration of the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINEC Security Monitor, a modular cyber security software, are affected: SINEC Security Monitor: All versions prior to V4.9.0 3....

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: PSS SINCAL Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or kernel memory corruption on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected if WibuKey dongles are used: PSS SINCAL: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 An issue was discovered in WibuKey64.sys in WIB...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Sentron Powercenter 1000 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SENTRON Powercenter 1000 (7KN1110-0MC00): All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754 Prior to v7.4.0, Ember ZNet is vulnerable to a denial-of-service attack throug...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to view user data or create, modify, or delete their own project. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of DataMosaix Private Cloud are affected: DataMosaix Private Cloud: Versions 7.07 and prior 3.2 Vulnerability Overview 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor CWE-200 A data exposure vulnerability exists in DataMosaix Private Cloud. There are hardcoded links in the source code that lead to JSON files that can be reached without authentication. If exploited, a threat actor could view user data. CVE-2024-7952 has been assigned to t...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: HiMed Cockpit Vulnerability: Improper Protection of Alternate Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escape the restricted environment and gain access to the underlying operating system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens HiMed Cockpit, a multimedia terminal, are affected: HiMed Cockpit 12 pro (J31032-K2017-H259): Versions V11.5.1 up to but not including V11.6.2 HiMed Cockpit 14 pro+ (J31032-K2017-H435): Versions V11.5.1 up to but not including V11.6.2 HiMed Cockpit 18 pro (J3...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a limited denial-of-service condition, data loss, or information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products with Nozomi Guardian / CMC before 24.3.1 are affected: RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0): All versions RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1): All versions 3.2 Vulnerability Overview 3.2.1 INCORRECT AUTHORIZATION CWE-863 An access control vulnerability was disco...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerabilities: Use After Free, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve arbitrary code execution, cause a denial-of-service condition, or loss of confidentiality and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Zelio Soft 2 are affected: Zelio Soft 2: Versions prior to 5.4.2.2 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 A Use After Free vulnerability exists that could cause arbitrary code execution, denial-of-service and loss of confidentiality & integrity if an application user opens a malicious Zelio Soft 2 project file. CVE-2024-8422 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...