Post Content Read more

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate… Read more

CISA released six Industrial Control Systems (ICS) advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio ICSA-25-107-02 Schneider Electric Sage Series ICSA-25-107-03 Schneider Electric ConneXium Network Manager ICSA-25-107-04 Yokogawa Recorder Products ICSA-24-326-04 Schneider Electric Modicon M340, MC80,… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Trio Q Licensed Data Radio Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager Vulnerabilities: Files or Directories Accessible to External Parties, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data, escalate privileges, or perform remote code execution. 3.… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Sage series Vulnerabilities: Out-of-bounds Write, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Incorrect Default Permissions, Unchecked Return Value, Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Read 2. RISK EVALUATION Successful… Read more

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications,… Read more

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Lantronix Equipment: Xport Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The… Read more