Security Flaws & Fixes - W/E - 072018
Analysis of Russia's Vuln Database Finds Deep Focus, Few Publications of Bugs (07/16/2018)
Recorded Future assessed vulnerabilities published by the Federal Service for Technical and Export Control of Russia (FSTEC) and learned that Russia's vulnerability database is highly focused, incomplete, and slow. FSTEC is the military organization responsible for protecting state secrets and supporting counterintelligence and counterespionage operations and it runs Russia's vulnerability database. Generally, Russia publishes only 10% of known vulnerabilities, is on average 83 days slower than China's National Vulnerability Database (NVD), 50 days slower than the US NVD, and incomplete in the few technologies it does cover.
Recorded Future assessed vulnerabilities published by the Federal Service for Technical and Export Control of Russia (FSTEC) and learned that Russia's vulnerability database is highly focused, incomplete, and slow. FSTEC is the military organization responsible for protecting state secrets and supporting counterintelligence and counterespionage operations and it runs Russia's vulnerability database. Generally, Russia publishes only 10% of known vulnerabilities, is on average 83 days slower than China's National Vulnerability Database (NVD), 50 days slower than the US NVD, and incomplete in the few technologies it does cover.
Cisco Advises on Multiple Vulnerabilities (07/18/2018)
Cisco has issued multiple advisories to address security issues across its product lines. Among the most severe issues are four critical vulnerabilities in the vendor's Policy Suite. Cisco posted the advisories on July 18 and recommends that users immediately update their products.
Cisco has issued multiple advisories to address security issues across its product lines. Among the most severe issues are four critical vulnerabilities in the vendor's Policy Suite. Cisco posted the advisories on July 18 and recommends that users immediately update their products.
Eaton 9000X Drive Vulnerable to Stack-Based Overflow (07/16/2018)
A stack-based overflow bug in Eaton's 9000X Drive can be exploited to allow for a remote code execution, the ICS-CERT has warned. Eaton has issued an update.
A stack-based overflow bug in Eaton's 9000X Drive can be exploited to allow for a remote code execution, the ICS-CERT has warned. Eaton has issued an update.
Improper Input Bug Affecting ABB Panel Builder 800 (07/17/2018)
ABB's Panel Builder 800 is vulnerable to an improper input validation, according to an ICS-CERT advisory. All versions are affected. The advisory offers recommended security practices for mitigation purposes.
ABB's Panel Builder 800 is vulnerable to an improper input validation, according to an ICS-CERT advisory. All versions are affected. The advisory offers recommended security practices for mitigation purposes.
Juniper Networks Issues Security Bulletins (07/16/2018)
Juniper Networks released multiple bulletins to address vulnerabilities across its product lines. The bulletins focus on vulnerabilities in Juno OS and Contrail Service Orchestration.
Juniper Networks released multiple bulletins to address vulnerabilities across its product lines. The bulletins focus on vulnerabilities in Juno OS and Contrail Service Orchestration.
Multiple Products from PEPPERL+FUCHS Plagued by Improper Authentication (07/17/2018)
An improper authentication vulnerability exists in VisuNet RM, VisuNet PC, and Box Thin Client from PEPPERL+FUCHS. Mitigation techniques are listed in an ICS-CERT's advisory.
An improper authentication vulnerability exists in VisuNet RM, VisuNet PC, and Box Thin Client from PEPPERL+FUCHS. Mitigation techniques are listed in an ICS-CERT's advisory.
Oracle Boots 334 Bugs Across Multiple Product Lines (07/17/2018)
Oracle's Critical Patch Update, which was issued on July 17, resolves 334 vulnerabilities across multiple product portfolios. The massive bulletin contains fixes for, among other products, MySQL, Fusion Middleware, Java SE, retail applications, financial services applications, and supply chain products.
Oracle's Critical Patch Update, which was issued on July 17, resolves 334 vulnerabilities across multiple product portfolios. The massive bulletin contains fixes for, among other products, MySQL, Fusion Middleware, Java SE, retail applications, financial services applications, and supply chain products.
Siemens Assessing Products for Vulnerabilities to New Spectre, Meltdown Variants (07/18/2018)
In an updated advisory, Siemens has advised that it is assessing its products to see if they are vulnerable to the newest versions of the zero-day Meltdown and Spectre vulnerabilities known as LazyFP and Spectre 1.1.
In an updated advisory, Siemens has advised that it is assessing its products to see if they are vulnerable to the newest versions of the zero-day Meltdown and Spectre vulnerabilities known as LazyFP and Spectre 1.1.
VPNFilter Malware Can Still Afflict Home Routers (07/17/2018)
Trend Micro has analyzed the VPNFilter malware that has infected over a half million devices across 54 countries including those from Linksys and Netgear. While scanning the Internet for vulnerable devices, Trend Micro noted that 34% of home networks scanned between June 1 and July 12 had at least one device with a known vulnerability and that 9% of vulnerable devices can be exploited by VPNFilter.
Trend Micro has analyzed the VPNFilter malware that has infected over a half million devices across 54 countries including those from Linksys and Netgear. While scanning the Internet for vulnerable devices, Trend Micro noted that 34% of home networks scanned between June 1 and July 12 had at least one device with a known vulnerability and that 9% of vulnerable devices can be exploited by VPNFilter.
WAGO e!DISPLAY Web-Based-Management Has Multiple Bugs (07/17/2018)
Multiple vulnerabilities were found in WAGO's e!DISPLAY Web-Based-Management and are detailed in an advisory from the ICS-CERT. WAGO recommends affected users update to the latest firmware (FW 02).
Multiple vulnerabilities were found in WAGO's e!DISPLAY Web-Based-Management and are detailed in an advisory from the ICS-CERT. WAGO recommends affected users update to the latest firmware (FW 02).