Thursday, July 19, 2018

ABB Panel Builder 800

This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800.

WAGO e!DISPLAY Web-Based-Management

This advisory includes mitigation recommendations for cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO's e!DISPLAY web-based-management system.

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

This advisory includes mitigation recommendations for an improper authentication vulnerability in the PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client.

Eaton 9000X Drive

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Eaton 9000X Drive.

Universal Robots Robot Controllers

This advisory includes mitigation recommendations for use of hard-coded credentials and missing authentication for critical function vulnerabilities reported in the Universal Robots Robot Controllers.

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect

This advisory includes mitigations for incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering's Compass and AcSELerator software.

Rockwell Automation Allen-Bradley Stratix 5950

This advisory includes mitigations for improper input validation, improper certificate validation, and resource management error vulnerabilities in the Allen-Bradley Stratix 5950 security appliance.

Medtronic MyCareLink Patient Monitor

This advisory includes mitigation recommendations for hard-coded password and exposed dangerous method or function vulnerabilities reported in Medtronic's MyCareLink Patient Monitors.

Delta Electronics Delta Industrial Automation COMMGR

This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation COMMGR software.

Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix

This advisory includes mitigation recommendations for an improper input validation vulnerability reported in Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix controllers.

Natus Xltek NeuroWorks

This medical device advisory includes mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in the Natus Xltek NeuroWorks software.

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C

This advisory includes mitigation recommendations for a permissions, privileges, and access controls vulnerability reported in Siemens SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C.

Schneider Electric U.motion Builder

This advisory includes mitigations for command injection, cross-site scripting, and improper input validation vulnerabilities in the Schneider Electric U.motion Builder software.

Siemens SCALANCE X Switches

This advisory includes mitigation recommendations for a cross-site scripting vulnerability reported in Siemens SCALANCE X switches.

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway

This advisory contains mitigation recommendations for an unquoted search path or element vulnerability in the Rockwell Automation RSLinx Classic software platform.

Philips' IntelliVue Patient and Avalon Fetal Monitors

This medical device advisory includes mitigations for improper authentication, information exposure, and stack-based buffer overflow vulnerabilities in Philips' IntelliVue and Avalon monitors.

ABB IP Gateway

This advisory contains mitigation recommendations for improper authentication, cross-site request forgery, and unprotected storage of credentials vulnerabilities in the ABB IP Gateway building management system.

Delta Industrial Automation DOPSoft

This advisory contains mitigation recommendations for out-of-bounds read, heap-based buffer overflow, and stack-based buffer overflow vulnerabilities discovered in the Delta Industrial Automation DOPSoft HMI editing software.

GE MDS PulseNET and MDS PulseNET Enterprise

This advisory includes mitigations for improper authentication, improper restriction of XML external entity reference ('XXE'), and relative path traversal vulnerabilities in General Electric's MDS PulseNET products.

Yokogawa STARDOM Controllers

This advisory includes mitigations for a hard-coded credentials vulnerability in the Yokogawa STARDOM Controller products.

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.