Security Bulletin

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review...

A deserialization of untrusted data vulnerability exists in Schneider Electric Easergy Studio versions prior to v9.3.5 that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

By utilizing a Zip Slip vulnerability in the unpacking routine, an attacker can supply a malicious configuration file to achieve remote code execution.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see  Siemens' ProductCERT...

The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected...

CISA released nine Industrial Control Systems (ICS) advisories on January 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.

Tisztelt Ügyfelünk! A Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet (NBSZ NKI) tájékoztatót ad ki az Adobe szoftverfejlesztő cég termékeit érintő sérülékenységekkel kapcsolatban, azok súlyossága, valamint az egyes biztonsági hibákat...

Tisztelt Ügyfelünk! A Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet (NBSZ NKI) riasztást ad ki a Microsoft szoftvereket érintő kritikus kockázati besorolású sérülékenységek kapcsán, azok súlyossága, kihasználhatósága és a szoftverek...

Tisztelt Ügyfelünk! A Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet (NBSZ NKI) riasztást ad ki az Ivanti Connect Secure és az Ivanti Policy Secure szoftvereket érintő 0. napi, kritikus kockázati besorolású sérülékenységek kapcsán, azok...