Saturday , March 29 2025

CISA Warns to patch Industrial Control Systems Vulnerabilities Immediately

CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

ICSA-23-187-01 PiiGAB M-Bus
ICSA-23-187-02 ABUS TVIP
ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A)

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare  Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927)  Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

Industrial Control Systems vulnerabilities: PiiGAB M-Bus

These vulnerabilities include:

Code injection (CVE-2023-36859)

Improper restriction of authentication attempts (CVE-2023-33868)

Unprotected transport of credentials (CVE-2023-31277)

Use of hard-coded credentials (CVE-2023-35987)

Plaintext storage of passwords (CVE-2023-35765)

Cross-site scripting (CVE-2023-32652)

Weak password requirements (CVE-2023-34995)

Use of weak password hash (CVE-2023-34433)

Cross-site request forgery (CVE-2023-35120)

Industrial Control Systems vulnerabilities: ABUS TVIP

ABUS, a vendor of security camera systems, has identified vulnerability in their ABUS TVIP indoor security camera that could allow remote attackers to execute arbitrary code. The vulnerability, known as command injection, occurs when an attacker is able to inject malicious code into a system by exploiting a flaw in the application’s input validation. In this case, the vulnerability exists in a specific field of the camera’s configuration.

Once the attacker has successfully injected the malicious code, they can then execute it on the system, which could lead to a variety of consequences, such as arbitrary file reads or remote code execution. The severity of this vulnerability is rated as moderate, and public exploits are available. ABUS has released a patch for the vulnerability, and users are advised to update their cameras as soon as possible.

ICS vulnerabilities: Mitsubishi Electric MELSEC Series CPU Module

Mitsubishi Electric has released a firmware update to address vulnerability in their MELSEC Series CPU modules. The vulnerability, tracked as CVE-2023-1424, is a classic buffer overflow that could allow a remote attacker to cause a denial-of-service condition or execute malicious code.

The vulnerability exists due to inadequate input size checks in the affected modules. An attacker could exploit this vulnerability by sending specially crafted packets to the affected modules. If successful, the attacker could cause a denial-of-service condition or execute malicious code on the affected system.

Mitsubishi Electric has released firmware updates to address this vulnerability. Users are advised to update their firmware as soon as possible.

 

Check Also

VMware

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools …

Leave a Reply

Your email address will not be published. Required fields are marked *