Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5300 Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection to Untrusted...

Google’s move will spur other providers to encourage MFA – and that’s a positive development for our industry.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Input Validation, Improper Restriction of Operations within the...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, Path...

Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment (RTA) at the request of a critical infrastructure organization. During RTAs, CISA’s red team simulates real-world malicious cyber operations...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a...

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key...

CISA released seven Industrial Control Systems (ICS) advisories on November 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-326-01 Automated Logic WebCTRL...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: CODESYS GmbH Equipment: OSCAT Basic Library Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability allows an local...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure IT Gateway Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this...

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability CVE-2024-44309 Apple Multiple Products Cross-Site...