Our news
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing…
Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the…
CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes
Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of…
iniNet Solutions SpiderControl SCADA PC HMI Editor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions Equipment: SpiderControl SCADA PC HMI Editor Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of iniNet…
Deep Sea Electronics DSE855
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: low attack complexity/public exploits are available Vendor: Deep Sea Electronics Equipment: DSE855 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access stored credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Deep Sea…
VIMESA VHF/FM Transmitter Blue Plus
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: VIMESA Equipment: VHF/FM Transmitter Blue Plus Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a Denial-of-Service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of VIMESA VHF/FM…
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-298-01 VIMESA VHF/FM Transmitter Blue Plus ICSA-24-298-02 iniNet Solutions SpiderControl SCADA PC HMI Editor ICSA-24-298-03 Deep Sea Electronics DSE855 ICSA-24-268-06 OMNTEC Proteus Tank Monitoring (Update A) CISA encourages users…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA encourages users and administrators to see Fortinet…