CVE-2022-4286

1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: B&R Industrial Automation
Equipment: Systems Diagnostics Manager (SDM)
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code to exfiltrate data and perform any action within the user's browser session.
3. TECHNICAL DETAILS
3.1 AFFECTED…


CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2020-5741 Plex Media Server Remote Code Execution Vulnerability
CVE-2021-39144 XStream Remote Code Execution Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in…


Fortinet Releases March 2023 Vulnerability Advisories

Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet March 2023 Vulnerability Advisories page for more information and apply the necessary updates. Please share your thoughts. We recently…


Cisco Releases Security Advisory for IOS XR Software

Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisory and apply…


CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on February 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
ICSA-23-059-01 Hitachi Energy Gateway Station
ICSA-23-059-02 Hitachi Energy Gateway…


CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
ICSA-23-061-01 Mitsubishi Electric MELSEC Series
ICSA-23-061-02 Baicells Nova
ICSA-23-061-03…


Baicells Nova

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Baicells
Equipment: Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430
Vulnerability: Command injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow commands performed using pre-login execution and with root permissions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Baicells reports this vulnerability…


Cisco Releases Security Advisory for Cisco IP Phones

Cisco has released a security advisory for vulnerabilities affecting the 6800, 7800, 7900, and 8800 Series of Cisco IP Phones. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the…


Rittal CMC III Access systems

1. EXECUTIVE SUMMARY
CVSS v3 4.8
Vendor: Rittal
Equipment: CMC III
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to open control cabinets secured with Rittal locks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rittal reports this vulnerability affects the following control cabinet locks:
CMC III
3.2…


Mitsubishi Electric MELSEC iQ-F Series

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-F Series
Vulnerability: Plaintext Storage of a Password
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated malicious actor to log in to a file transfer protocol (FTP) server or web server by obtaining plaintext credentials…
