Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected: CNCSoft-G2: Version 2.1.0.10 3.2 Vulnerability Overview 3.2.1 Stack-based Buffer Overflow CWE-121 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. CVE-2024-47962 has been assigned to this vulnerability....

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 and S7-1200 CPUs Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following SIMATIC S7-1500 and S7-1200 CPUs are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V3.1.4 SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V3.1.4 SIMATIC ET 200SP ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SENTRON 7KM PAC3200 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access clear text communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SENTRON PAC3200 devices are affected: SENTRON 7KM PAC3200: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHENTICATION CWE-287 Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface coul...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens JT2Go, a 3D viewing tool, are affected: JT2Go: All versions prior to V2406.0003 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow ...

The average higher education institution is getting hit once a week now, and as one University of Oregon attack shows, the sector often lacks the resources to keep pace.

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 129.0.2792.89 10/10/2024 129.0.6668.100/.101

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 129.0.2792.89 10/10/2024 129.0.6668.100/.101