Tag: All CISA Advisories

CISA released two Industrial Control Systems (ICS) advisories on December 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-339-01 Zebra ZTC Industrial ZT400 and Desktop GK420d ICSA-23-208-03 Mitsubishi Electric CNC Series (Update…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of…

Read more →

Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an…

Read more →

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access…

Read more →

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors for…

Read more →

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote…

Read more →

Apple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: STARDOM FCN/FCJ Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3. TECHNICAL DETAILS 3.1…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…

Read more →

Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series.    This SbD Alert urges software manufacturers to proactively prevent the…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 2.9 ATTENTION: Exploitable locally Vendor: Mitsubishi Electric Corporation Equipment: GX Works2 Vulnerability: Denial-of-Service 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a Denial-of-service (DoS) due to improper input validation in the…

Read more →

CISA released four Industrial Control Systems (ICS) advisories on November 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-331-01 Delta Electronics InfraSuite Device Master ICSA-23-331-02 Franklin Electric Fueling Systems Colibri ICSA-23-331-03 Mitsubishi…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Electric Fueling Systems Equipment: Colibri Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: FACSChorus Vulnerabilities: Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use of Hard-coded Credentials, Insecure…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function. 2. RISK EVALUATION Successful exploitation of these vulnerabilities…

Read more →

Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and…

Read more →

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device…

Read more →