Wednesday, August 10, 2022
DHS

Mitsubishi Electric GT SoftGOT2000

This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software. 
DHS

Emerson ControlWave

This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in Emerson ControlWave products, a programmable controller.
DHS

Emerson OpenBSI

This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.
DHS

Digi ConnectPort X2D

This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in Digi ConnectPort X2D, a connection gateway.
DHS

Delta Electronics DIAEnergie (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with...
DHS

Delta Electronics DIAEnergie (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-22-081-01 Delta Electronics DIAEnergie (Update B) that was published April 28, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions,...
DHS

Mitsubishi Electric FA Engineering Software Products (Update F)

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer...
DHS

Mitsubishi Electric Factory Automation Engineering Products (Update H)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted...
DHS

Mitsubishi Electric Factory Automation Engineering Software (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update B) that was published May 31, 2021, to the ICS webpage on ucisa.gov/ics.
DHS

Rockwell Products Impacted by Chromium Type Confusion

This advisory contains mitigations for a Type Confusion vulnerability in various Rockwell Automation products.
DHS

Mitsubishi Electric FA Engineering Software (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software (Update A) that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read and...
DHS

MOXA NPort 5110

This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server.
DHS

Honeywell Saia Burgess PG5 PCD

This advisory contains mitigations for Authentication Bypass and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Honeywell Saia Burgess PG5 PCD, a PLC.
DHS

Honeywell Safety Manager

This advisory contains mitigations for Insufficient Verification of Data Authenticity, Missing Authentication for Critical Function, and Use of Hard-coded Credentials vulnerabilities in Honeywell Safety Manager, a safety solution of the Experion Process Knowledge System.
DHS

Inductive Automation Ignition

This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in versions of Inductive Automation Ignition software.
DHS

Mitsubishi Electric MELSEC and MELIPC Series (Update D)

This updated advisory is a follow-up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update C) that was published June 7, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Uncontrolled...
DHS

AutomationDirect Stride Field I/O

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in AutomationDirect products.
DHS

ICONICS Suite and Mitsubishi Electric MC Works64 Products

This advisory contains mitigations for Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, and Out-of-Bounds Read vulnerabilities in the SCADA products.
DHS

Rockwell Automation ISaGRAF Update A

This updated advisory is a follow-up to the original advisory titled Rockwell Automation ISaGRAF that was published March 29, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Improper Restriction of XML External Entity Reference...
DHS

Rockwell Automation ISaGRAF Workbench

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the ISaGRAF Workbench.

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …