Category: Uncategorized

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity… Read more

CISA released nine Industrial Control Systems (ICS) advisories on April 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC ICSA-24-102-03 Siemens RUGGEDCOM APE1808 before V11.0.1 ICSA-24-102-04 Siemens RUGGEDCOM APE1808 ICSA-24-102-05 Siemens Scalance W1750D ICSA-24-102-06 Siemens Parasolid ICSA-24-102-07 Siemens SINEC NMS… Read more

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack… Read more

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.  Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed… Read more

Post Content Read more

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins and apply the necessary updates:   Adobe After Effects Adobe Photoshop Adobe Commerce and Magento… Read more

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following and apply the necessary updates:   Microsoft Security Update Guide for April Read more

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates:    FR-IR-23-345 FortiClientMac – Lack of configuration file validation FG-IR-23-493… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Server, Substation Server 2021 Vulnerabilities: Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by PowerSYSTEM Server 2021 and Substation Server 2021 could allow privilege escalation, denial of service, or… Read more

CISA released one Industrial Control Systems (ICS) advisory on April 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-100-01 SUBNET PowerSYSTEM Server and Substation Server CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Read more