Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Dingtian Equipment: DT-R002 Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Vulnerabilities: Out-of-Bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Sielco Equipment: Analog FM Transmitters and Radio Link Vulnerabilities: Improper Access Control, Cross-Site...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5631 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Centralite Equipment: Pearl Thermostat Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Site Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Sielco Equipment: PolyEco1000 Vulnerabilities: Session Fixation, Improper Restriction of Excessive Authentication...

CISA released nine Industrial Control Systems (ICS) advisories on October 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-299-01 Dingtian DT-R002 ICSA-23-299...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share Vulnerabilities: Out-of-Bounds Write, Heap-based Buffer Overflow, Out-of-Bounds...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability...

VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting the VMware vCenter Server and (CVE-2023-34056) affecting [VMware Cloud Foundation]. A remote cyber actor could exploit these vulnerabilities to obtain information or...

Put awareness training at the center of a strategy to secure employee devices.