Tuesday, September 25, 2018
DHS

Tec4Data SmartCooler

This advisory includes mitigations for a missing authentication for critical function vulnerability in Tec4Data's SmartCooler, a cooling appliance.
DHS

Rockwell Automation RSLinx Classic

This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and resource exhaustion vulnerabilities in Rockwell Automation’s RSLinx Classic.
DHS

WECON PLC Editor

This advisory includes mitigations for a stack-based buffer overflow vulnerability in WECON’s PLC Editor, a ladder logic software.
DHS

Honeywell Mobile Computers with Android Operating Systems

This advisory includes mitigations for an improper privilege management vulnerability in the Honeywell mobile computers running the Android Operating System.
DHS

Fuji Electric V-Server

This advisory includes mitigations for use-after-free, untrusted pointer dereference, heap-based buffer overflow, out-of-bounds write, integer underflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the Fuji Electric V-Server software.
DHS

Fuji Electric V-Server Lite

This advisory includes mitigation recommendations for a classic buffer overflow vulnerability in Fuji Electric's V-Server Lite, a data collection and management service.
DHS

Siemens TD Keypad Designer

This advisory includes mitigation recommendations for an uncontrolled search path element vulnerability in Siemens' TD Keypad Designer.
DHS

Siemens SIMATIC WinCC OA

This advisory includes mitigation recommendations for an improper access control vulnerability in Siemens' SIMATIC WinCC OA.
DHS

Siemens SCALANCE X Switches

This advisory includes mitigation recommendations for an improper input validation vulnerability in Siemens' SCALANCE X switches used to connect industrial components like PLCs or HMIs.
DHS

Ice Qube Thermal Management Center

This advisory includes mitigation recommendations for improper authentication and unprotected storage of credentials vulnerabilities in Ice Qube's Thermal Management Center, an environmental software management platform.
DHS

Opto22 PAC Control Basic and PAC Control Professional

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22's PAC Control software.
DHS

Philips e-Alert Unit

This advisory includes mitigation recommendations for numerous vulnerabilities in Philips' e-Alert Unit, a non-medical device.
DHS

Qualcomm Life Capsule

This advisory includes mitigations for a code weakness vulnerability in the Qualcomm Life Capsule Datacaptor Terminal Server software.
DHS

Schneider Electric Modicon M221

This advisory includes mitigation recommendations for information management errors, and permissions, privileges, and access controls vulnerabilities in Schneider Electric's Modicon M221 programmable logic controller.
DHS

Schneider Electric Modicon M221

This advisory includes mitigation recommendations for an improper check for unusual or exceptional conditions vulnerability in Schneider Electric’s Modicon M221 programmable logic controller.
DHS

Schneider Electric PowerLogic PM5560

This advisory includes mitigation recommendations for a cross-site scripting vulnerability in Schneider Electric's PowerLogic PM5560 power management system.
DHS

ABB eSOMS

This advisory includes mitigation recommendations for an improper authentication vulnerability in ABB’s eSOMS.
DHS

BD Alaris Plus

This medical device advisory includes mitigation recommendations for an improper authentication vulnerability in specific versions of BD’s Alaris Plus medical syringe pumps.
DHS

Philips IntelliVue Information Center iX

This medical device advisory includes mitigation recommendations for a resource exhaustion vulnerability in Philips' IntelliVue Information Center iX real-time central monitoring system.
DHS

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawa's iDefine, STARDOM, ASTPLANNER, and TriFellows products.

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...