#CriticalFlaws

ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others

December 11, 2024 by Xynik

December 11, 2024 at 06:34AM The December 2024 ICS Patch Tuesday featured advisories from CISA and several industrial companies, notably Schneider Electric and Siemens. Significant vulnerabilities were reported, including critical flaws in Modicon controllers and high-severity issues in various products, prompting numerous patches and mitigations for affected systems. Rockwell Automation and Phoenix Contact also released … Read more

Adobe Patches Over 160 Vulnerabilities Across 16 Products

December 10, 2024 by Xynik

December 10, 2024 at 02:05PM Adobe’s December 2024 Patch Tuesday updates addressed over 160 vulnerabilities across 16 products, notably Adobe Experience Manager and Adobe Animate. The patches include medium to critical severity issues, particularly concerning arbitrary code execution. While no known exploits exist, users are urged to apply the updates promptly for security. ### Meeting … Read more

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

November 28, 2024 by Xynik

November 28, 2024 at 12:27PM Advantech EKI wireless access points have 20 disclosed vulnerabilities, including six critical ones that allow unauthenticated remote code execution and potential backdoor access. Recent firmware updates address these issues, but attackers can exploit them via physical proximity and rogue access points. Vulnerabilities could lead to significant network breaches and data … Read more

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

September 24, 2024 by Xynik

September 24, 2024 at 02:24PM Cybersecurity warnings about vulnerabilities in automatic tank gauge (ATG) systems persist nearly a decade later, with critical security holes found in widely-deployed devices across various industries. Bitsight’s analysis revealed 10 vulnerabilities, with the potential for remote hacking leading to physical damage and financial theft. Despite their findings, the number of … Read more

D-Link Patches Critical Router Vulnerabilities

September 17, 2024 by Xynik

September 17, 2024 at 10:21AM D-Link announced patches for critical vulnerabilities in wireless routers, including stack-based buffer overflow flaws and hardcoded credentials that could lead to remote code execution. The issues impact COVR-X1870, DIR-X5460, and DIR-X4860 models, with fixes released on September 13. D-Link urges researchers not to disclose vulnerabilities before patches are available. Meeting … Read more

Adobe Patches Critical, Code Execution Flaws in Multiple Products

September 10, 2024 by Xynik

September 10, 2024 at 12:57PM Adobe released patches for 28 security vulnerabilities across its products, warning of code execution attacks on both Windows and macOS systems. The most pressing issue affects Acrobat and PDF Reader, with two memory corruption vulnerabilities allowing arbitrary code execution. A critical Adobe ColdFusion flaw (CVE-2024-41874) with a severity score of … Read more

Veeam warns of critical RCE flaw in Backup & Replication software

September 5, 2024 by Xynik

September 5, 2024 at 10:23AM Veeam has released a security bulletin addressing 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and ONE. The most severe is a remote code execution vulnerability on Veeam Backup & Replication, posing a high risk of ransomware exploitation. Multiple critical vulnerabilities have also been … Read more

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

June 18, 2024 by Xynik

June 18, 2024 at 04:33AM VMware has issued updates to fix critical vulnerabilities affecting Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could lead to privilege escalation and remote code execution. The vulnerabilities include heap-overflow flaws and local privilege escalation issues. While there are no known active exploits, users are urged to promptly apply … Read more

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

March 26, 2024 by Xynik

March 26, 2024 at 03:26PM The German national cybersecurity authority warned that 17,000 Microsoft Exchange servers in Germany are exposed and vulnerable to critical security flaws. Approximately 45,000 servers have Outlook Web Access enabled, with 12% using outdated versions. The BSI advised updating to secure versions, installing security updates, and restricting access to web-based services. … Read more

Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

March 13, 2024 by Xynik

March 13, 2024 at 02:03AM Microsoft released a monthly security update addressing 61 vulnerabilities, including 2 critical issues in Windows Hyper-V with potential for denial-of-service and remote code execution. None of the flaws were publicly known or under active attack, but updates were also made to the Chromium-based Edge browser. Other vendors have also released … Read more