Bulletins

1. EXECUTIVE SUMMARY CVSS v3.1 6.8 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Equipment : MELSEC-Q Series CPU module Vulnerability : Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS). 3. TECHNICAL DETAILS …

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : Viessmann Equipment : Vitogate 300 Vulnerabilities : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Client-Side Enforcement of Server-Side Security 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker …

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : SESU Vulnerability : Improper Link Resolution Before File Access ('Link Following') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary data to protected locations, potentially leading …

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : CLICK PLUS Vulnerabilities : Cleartext Storage of Sensitive Information, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Predictable Seed in Pseudo-Random Number Generator, Improper Resource Shutdown or Release, …

Advisory at a Glance Executive Summary CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response (EDR) tool. CISA identified three lessons learned from the engagement that …

1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Cognex Equipment : In-Sight Explorer, In-Sight Camera Firmware Vulnerabilities : Use of Hard-coded Password, Cleartext Transmission of Sensitive Information, Incorrect Default Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Authentication Bypass …

1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely Vendor : Westermo Network Technologies Equipment : WeOS 5 Vulnerability : Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Westermo reports …