Skip to main content

Security Bulletin

4 Feb 2025
Biztonsági szemle

Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

Schneider Electric Web Designer for Modicon

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

Rockwell Automation 1756-L8zS3 and 1756-L3 and 1756-L3

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-L8zS3, 1756-L3zS3 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

Western Telematic Inc NPS Series, DSM Series, CPM Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT)...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

AutomationDirect C-more EA9 HMI

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability CVE-2024-29059 Microsoft .NET Framework Information Disclosure...
cisa.gov
Read more
4 Feb 2025
Biztonsági szemle

Schneider Electric Pro-face GP-Pro EX and Remote HMI

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel...
cisa.gov
Read more
Featured image for {“vendor”:”ppworks”,”type”:”segment”,”id”:”13481″} podcast from PPWorks
4 Feb 2025
Biztonsági szemle

Threat Modeling That Helps the Business - Sandy Carielli, Akira Brand - ASW #316

scmagazine.com
Read more
4 Feb 2025
Biztonsági szemle

ISC Stormcast For Tuesday, February 4th, 2025 https://isc.sans.edu/podcastdetail/9308, (Tue, Feb 4th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
isc.sans.edu
Read more
<p>(Credit: Robert &#8211; stock.adobe.com)</p>
4 Feb 2025
Biztonsági szemle

Google reveals Gemini AI use by more than 40 state-sponsored APTs

Iran-backed groups were the most prolific adversarial users, while North Korean APTs used the LLM for likely IT worker scams.
scmagazine.com
Read more
Cyber Threat Detected in Digital Code Interface, Alert System Highlighting Security Vulnerability in Cyber Environment
4 Feb 2025
Biztonsági szemle

Record number of exploited security vulnerabilities reached in 2024

A total of 768 CVE-listed vulnerabilities exploited in the wild, a 20% increase from 2023.
scmagazine.com
Read more
Language
Audience