As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity

READ MORE →

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity

READ MORE →

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack

READ MORE →

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity

READ MORE →

Cisco has released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply necessary updates:•    Cisco Crosswork Network Services Orchestrator•    Cisco Crosswork Network Services Orchestrator Privilege Escalation•    ConfD

READ MORE →

Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following Adobe Security Bulletins and apply necessary updates:  Adobe Acrobat and Reader Adobe Illustrator Substance 3D Painter Adobe Aero

READ MORE →

Title: Microsoft Releases May 2024 Security Updates Content: Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following advisory and apply the necessary updates:  Microsoft Security Update Guide

READ MORE →

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding

READ MORE →

Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following advisories and apply necessary updates:  Safari 17.5 iOS 17.5 and iPadOS 17.5 iOS

READ MORE →

CISA released four Industrial Control Systems (ICS) advisories on May 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-135-01 Rockwell Automation FactoryTalk Remote Access ICSA-24-135-02 SUBNET PowerSYSTEM Center and Substation Server ICSA-24-135-03 Johnson Controls Software House C-CURE 9000 ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products CISA

READ MORE →