Our news

CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap Librix Ecoreader CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

READ MORE →

Post Content

READ MORE →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk…

READ MORE →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…

READ MORE →

Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary updates: FG-IR-24-425

READ MORE →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a victim’s browser to run arbitrary JavaScript when visiting a page containing injected payload. 3. TECHNICAL DETAILS 3.1 AFFECTED…

READ MORE →