Cisco Secure Email Gateway Arbitrary File Write Vulnerability
IoT Security News
by (I) IoT
2d ago
Summary A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform a ..read more
Siemens RUGGEDCOM APE 1808
1w ago
1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerability: Truncation of Security-relevant Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to bypass integrity checks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: RUGGEDCOM APE1808: All versions 3.2 Vulnerability Overview 3.2.1 TRUNCATION OF SECURITY-RELEVANT INFORMATION CWE-222 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and ..read more
Siemens SIMATIC WinCC
1w ago
1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC WinCC Vulnerability: Exposure of Private Personal Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to retrieve information such as users and passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following versions of SIMATIC WinCC are affected: Siemens SIMATIC PCS 7 V9.1: all versions Siemens SIMATIC WinCC Runtime Professional V18: all versions Siemens SIMATIC WinCC Run ..read more
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update D)
1w ago
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the module’s ethernet communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC iQ-R, iQ-L series CPU module, and MELIPC series: MELSEC iQ-R Series R00CPU: firmwa ..read more
Siemens SCALANCE XM-400, XR-500
1M ago
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XM-400/XR-500 Vulnerabilities: Inadequate Encryption Strength, Double Free, Use-After-Free, Improper Input Validation, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a memory leak or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Siemens SCALANCE XM408-4C (6GK5408-4GP00-2AM2): All versions prior to V6.6.1 Siemens SCALANC ..read more
Siemens Mendix Applications
1M ago
1. EXECUTIVE SUMMARY CVSS v4 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Applications Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation requires guessing the identification of a target role which contains the elevated access rights. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Siemens Mendix Applications using Mendix 9: Versions prior to V9.24.22 and after V9.3.0 Siemens Mendix Applications using Mendix 10: Versions prior to V10.11.0 Siemens Mendix Applications using Mendix 10 (V10.6 ..read more
Cisco Crosswork Network Services Orchestrator Vulnerabilities
2M ago
Summary Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com ..read more
SECURITY – Denial of Service Vulnerability in Control API ‘VPNI’, impact on S+ Operations, S+ Engineering and S+ Analyst CVE ID: CVE-2024-0335
2M ago
Notice The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or s ..read more
Schneider Electric Security Notification12-Easergy T200 Multiple Vulnerabilities
2M ago
12 March 2024 Overview Schneider Electric is aware of multiple vulnerabilities in its Easergy T200 products. The Easergy T200 RTU Product Line (T200I, T200E, T200P) is a modular platform for medium voltage and low voltage public distribution network management. Note, this product has been obsoleted since December 31st, 2021, and is no longer available for purchase. Failure to apply the remediations provided below may allow a brute force attack, which could result in unauthorized data access, and/or compromise of the device. Affected Products and Models Vulnerability Details CVE ID: CVE-2024-20 ..read more
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks
3M ago
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks: An actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant threat to energy organizations, potentially exposing them to attacks. This news item highlights the vulnerability, its impact on the affected organizations, and the need for immediate action to mitigate the risks. Actively exploited solar power product vulnerability: Contec’s SolarView solar power monitoring product has a vulnerability that is actively being exploited, putting hundreds of ene ..read more