Guidance

Read more about the article ICS Advisory: Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW

ICS Advisory: Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW

  • Post author:
  • Post category:

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack

Continue ReadingICS Advisory: Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
Read more about the article ICS Advisory: Hitachi Energy MACH SCM

ICS Advisory: Hitachi Energy MACH SCM

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The

Continue ReadingICS Advisory: Hitachi Energy MACH SCM
Read more about the article ICS Advisory: Multiple Vulnerabilities in Hitachi Energy RTU500 Series

ICS Advisory: Multiple Vulnerabilities in Hitachi Energy RTU500 Series

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's

Continue ReadingICS Advisory: Multiple Vulnerabilities in Hitachi Energy RTU500 Series
Read more about the article Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

  • Post author:
  • Post category:

Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system.  Cisco has reported active exploitation of CVE 2024-20353 and CVE-2024-20359 and CISA has added these vulnerabilities to

Continue ReadingCisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
Read more about the article CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Adds Three Known Exploited Vulnerabilities to Catalog

  • Post author:
  • Post category:

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks

Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog