Saturday, July 20, 2019
DHS

Johnson Controls exacqVision Server

This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server.
DHS

Philips Holter 2010 Plus

This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus.
DHS

Delta Industrial Automation CNCSoft ScreenEditor

This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor.
DHS

Siemens SIMATIC WinCC and PCS7

This advisory includes mitigations for an unrestricted upload of file with dangerous type vulnerability reported in the Siemens SIMATIC WinCC and SIMATIC PCS7 industrial products.
DHS

Siemens TIA Administrator (TIA Portal)

This advisory provides information about, and mitigations for, a vulnerability in the Siemens TIA Administrator (TIA Portal) application.
DHS

Siemens SIMATIC RF6XXR

This advisory provides information about, and mitigations for, several vulnerabilities in the Siemens SIMATIC RF6XXR series devices.
DHS

AVEVA Vijeo Citect and Citect SCADA Floating License Manager

This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications.
DHS

Schneider Electric Interactive Graphical SCADA System

This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software.
DHS

Schneider Electric Floating License Manager

This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software.
DHS

GE Aestiva and Aespire Anesthesia

This medical advisory includes mitigations for an improper authentication vulnerability reported in GE’s Aestiva and Aespire Anesthesia machines.
DHS

Emerson DeltaV Distributed Control System

This advisory includes mitigations for a use of hard-coded credentials vulnerability reported in Emerson’s DeltaV Distributed Control System.
DHS

Rockwell Automation PanelView 5510

This advisory includes mitigations for an improper access control vulnerability reported in Rockwell Automation’s PanelView 5510.
DHS

Schneider Electric Zelio Soft 2

This advisory includes mitigations for a use after free vulnerability reported in Schneider Electric’s Zelio Soft 2 programming platform.
DHS

Siemens Spectrum Power

This advisory includes mitigations for a cross-site scripting vulnerability in the Siemens Spectrum Power software.
DHS

Siemens SIPROTEC 5 and DIGSI 5

This advisory includes mitigations for improper input validation vulnerabilities reported in Siemens’ SIPROTEC 5 and DIGSI 5 products.
DHS

Schneider Electric Modicon Controllers

This advisory includes mitigations for an improper check for unusual or exceptional conditions vulnerability reported in Schneider Electric’s Modicon Controllers, PLC and PAC controllers for industrial control systems.
DHS

Quest KACE Systems Management Appliance

This advisory includes mitigations for an improper input validation vulnerability reported in the Quest KACE Systems Management Appliance (SMA).
DHS

Medtronic MiniMed 508 and Paradigm Series Insulin Pumps

This advisory includes mitigations for an improper access control vulnerability reported in Medtronic’s MiniMed 508 and Paradigm series insulin pumps.
DHS

ABB PB610 Panel Builder 600

This advisory includes mitigations for use of hard-coded credentials, improper authentication, relative path traversal, improper input validation, and stack-based buffer overflow vulnerabilities reported in ABB’s PB610 Panel Builder 600, an engineering tool for designing HMI applications and the runtime...
DHS

ABB CP651 HMI

This advisory includes mitigations for a use of hard-coded credentials vulnerability reported in ABB’s CP651 HMI products.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.