Our news

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Encryption of Sensitive Data, Authentication Bypass by…

READ MORE →

CISA released twenty Industrial Control Systems (ICS) advisories on June 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-165-01 Siemens Mendix Applications ICSA-24-165-02 Siemens SIMATIC S7-200 SMART Devices ICSA-24-165-03 Siemens TIA Administrator ICSA-24-165-04 Siemens ST7 ScadaConnect ICSA-24-165-05 Siemens SITOP UPS1600 ICSA-24-165-06 Siemens TIM 1531 IRC ICSA-24-165-07 Siemens…

READ MORE →

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD)…

READ MORE →

Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards…

READ MORE →

 Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following advisory and apply the necessary updates:   Microsoft Security Update Guide for June

READ MORE →

Fortinet has released security updates to address a vulnerability in FortiOS. A cyber threat actor could exploit this vulnerability to take control of an affected system.    Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary updates:   FG-IR-23-460: Multiple Buffer Overflows in Diag Npu Command

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for Custom URL Scheme, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to both retrieve and plant medical image files on a victim’s system and…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the availability of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following controllers are affected: ControlLogix…

READ MORE →

CISA released six Industrial Control Systems (ICS) advisories on June 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-163-01 Rockwell Automation ControlLogix, GuardLogix, and CompactLogix ICSA-24-163-02 AVEVA PI Web API ICSA-24-163-03 AVEVA PI Asset Framework Client ICSA-24-163-04 Intrado 911 Emergency Gateway ICSA-23-108-02 Schneider Electric APC Easy UPS…

READ MORE →