Saturday , April 19 2025

CISA Warns to patch Industrial Control Systems Vulnerabilities Immediately

CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

ICSA-23-187-01 PiiGAB M-Bus
ICSA-23-187-02 ABUS TVIP
ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A)

CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
CVE-2025-2492  ASUS warns of critical auth bypass flaw in routers

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
16,000+  Fortinet devices compromised with symlink backdoor, Mostly in Asia

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak

CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
CVE-2025-20236  Cisco Patches Unauthenticated RCE Flaw in Webex App

Apple released emergency security updates for 2 zero-day vulns

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Apple released emergency security updates for 2 zero-day vulns

Oracle Released Patched for 378 flaws for April 2025

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
Oracle Released Patched for 378 flaws for April 2025

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using...
Read More
CVE-2025-24054  Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Bengaluru firm got ransomware attack, Hacker demanded $70,000

Bengaluru's Whiteboard Technologies Pvt Ltd was hit by a ransomware attack, with hackers demanding a ransom of up to $70,000...
Read More
Bengaluru firm got ransomware attack, Hacker demanded $70,000

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness...
Read More
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

Industrial Control Systems vulnerabilities: PiiGAB M-Bus

These vulnerabilities include:

Code injection (CVE-2023-36859)

Improper restriction of authentication attempts (CVE-2023-33868)

Unprotected transport of credentials (CVE-2023-31277)

Use of hard-coded credentials (CVE-2023-35987)

Plaintext storage of passwords (CVE-2023-35765)

Cross-site scripting (CVE-2023-32652)

Weak password requirements (CVE-2023-34995)

Use of weak password hash (CVE-2023-34433)

Cross-site request forgery (CVE-2023-35120)

Industrial Control Systems vulnerabilities: ABUS TVIP

ABUS, a vendor of security camera systems, has identified vulnerability in their ABUS TVIP indoor security camera that could allow remote attackers to execute arbitrary code. The vulnerability, known as command injection, occurs when an attacker is able to inject malicious code into a system by exploiting a flaw in the application’s input validation. In this case, the vulnerability exists in a specific field of the camera’s configuration.

Once the attacker has successfully injected the malicious code, they can then execute it on the system, which could lead to a variety of consequences, such as arbitrary file reads or remote code execution. The severity of this vulnerability is rated as moderate, and public exploits are available. ABUS has released a patch for the vulnerability, and users are advised to update their cameras as soon as possible.

ICS vulnerabilities: Mitsubishi Electric MELSEC Series CPU Module

Mitsubishi Electric has released a firmware update to address vulnerability in their MELSEC Series CPU modules. The vulnerability, tracked as CVE-2023-1424, is a classic buffer overflow that could allow a remote attacker to cause a denial-of-service condition or execute malicious code.

The vulnerability exists due to inadequate input size checks in the affected modules. An attacker could exploit this vulnerability by sending specially crafted packets to the affected modules. If successful, the attacker could cause a denial-of-service condition or execute malicious code on the affected system.

Mitsubishi Electric has released firmware updates to address this vulnerability. Users are advised to update their firmware as soon as possible.

 

Check Also

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy …

Leave a Reply

Your email address will not be published. Required fields are marked *