Our news
Franklin Fueling Systems TS-550 EVO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling Systems Equipment: TS-550 EVO Automatic Tank Gauge Vulnerability: Absolute Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability allow an attacker to gain administrative access over the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Franklin…
OMNTEC Proteus Tank Monitoring
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OMNTEC Mfg., Inc. Equipment: Proteus Tank Monitoring Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform administrative actions without proper authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version…
Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229
Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information: Versa Advisory
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance
Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13 Ivanti security advisory–to take control of an affected system. This vulnerability impacts all versions prior to patch 519.…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk…
VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server
VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates: VCDSA24968
Rockwell Automation RSLogix 5 and RSLogix 500
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable locally/high attack complexity Vendor: Rockwell Automation Equipment: RSLogix 5 and RSLogix 500 Vulnerability: Insufficient verification of data authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on September 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-263-01 Rockwell Automation RSLogix 5 and RSLogix 500 ICSA-24-263-02 IDEC PLCs ICSA-24-263-03 IDEC CORPORATION WindLDR and WindO/I-NV4 ICSA-24-263-04 MegaSys Computer Technologies Telenium Online Web Application ICSA-24-263-05 Kastle Systems Access…
IDEC CORPORATION WindLDR and WindO/I-NV4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: IDEC Corporation Equipment: WindLDR, WindO/I-NV4 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of WindLDR and WindO/I-NV4 are affected: WindLDR:…
Kastle Systems Access Control System
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED…