Search
Close this search box.
Login
Login
Login
Search
Close this search box.

Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution 2024-10-23
    A vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. […]
  • Multiple Vulnerabilities in Microsoft Edge (Chromium-based) Could Allow for Arbitrary Code Execution 2024-10-18
    Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2024-10-16
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install […]
  • Oracle Quarterly Critical Patches Issued October 15, 2024 2024-10-16
    Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
  • Multiple Vulnerabilities in Palo Alto Network’s Expedition Could Allow for Arbitrary Code Execution 2024-10-14
    Multiple Vulnerabilities in Palo Alto Network’s Expedition have been discovered, the most severe of which could allow for arbitrary code execution on Palo Alto Firewalls. Palo Alto Network’s Expedition is a migration tool designed to help organizations move configurations from other firewall platforms to Palo Alto’s PAN-OS. Successful exploitation of these vulnerabilities could allow for […]
  • A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution 2024-10-10
    A vulnerability has been discovered in Mozilla Firefox which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create […]
  • Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution 2024-10-09
    Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti EPMM is a mobile device management solution designed to secure mobile devices, apps and content.Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet.Ivanti Velocity License Server […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2024-10-08
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2024-10-08
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe is a software that is used for creating and publishing a wide variety of contents including graphics, photography, illustration, animation, multimedia, motion pictures and print.Successful exploitation of the most severe of these vulnerabilities could allow for […]
  • Critical Patches Issued for Microsoft Products, October 8, 2024 2024-10-08
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose […]
RSS Blog Feed – Center for Internet Security
RSS ICS Advisories
  • VIMESA VHF/FM Transmitter Blue Plus 2024-10-24
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: VIMESA Equipment: VHF/FM Transmitter Blue Plus Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a Denial-of-Service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of VIMESA VHF/FM […]
    CISA
  • iniNet Solutions SpiderControl SCADA PC HMI Editor 2024-10-24
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions Equipment: SpiderControl SCADA PC HMI Editor Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of iniNet […]
    CISA
  • Deep Sea Electronics DSE855 2024-10-24
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: low attack complexity/public exploits are available Vendor: Deep Sea Electronics Equipment: DSE855 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access stored credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Deep Sea […]
    CISA
  • ICONICS and Mitsubishi Electric Products 2024-10-22
    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite, Mitsubishi Electric MC Works64 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could result in disclosure of confidential information, data tampering, or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
    CISA
  • Elvaco M-Bus Metering Gateway CMe3100 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elvaco Equipment: M-Bus Metering Gateway CMe3100 Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Insufficiently Protected Credentials. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could […]
    CISA
  • LCDS LAquis SCADA 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions. 3. TECHNICAL DETAILS […]
    CISA
  • Mitsubishi Electric CNC Series 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: CNC Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
    CISA
  • HMS Networks EWON FLEXY 202 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]
    CISA
  • Kieback&Peter DDC4000 Series 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
    CISA
  • Schneider Electric Data Center Expert 2024-10-15
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Data Center Expert Vulnerability: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access private data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo