Alert Details

Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

                                                                                                                                                                                                                                                                   

Current Alerts

SCADA

We weren't going to publish GHOST updates anymore, but since it's SCADA...

 

Siemens has updated SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE

More info.

And STEP 7 and PCS 7.  More info.

 

Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These vulnerabilities could be exploited remotely. An updated bulletin provides information on fixes for PCS 7.

More info.

Novell

Novell has provided an update to resolve security vulnerabilities found since the original release of Novell LDAP Proxy 1.5.

More info.

Hitachi

A vulnerability exists in Cosminexus Developer's Kit for Java(TM). It arises from the setting for using TLS v1.2 with the SSL and TLS protocols.

More info.

 

Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain multiple vulnerabilities.

More info.

 

A vulnerability (CVE-2014-4630) exists in Cosminexus HTTP Server and Hitachi Web Server.

More info.

McAfee

The MA functionality for viewing logs remotely on Windows is vulnerable to http-generic-click-jacking. This flaw can be exploited if the attacker is able to craft a malicious 'clickjacking' page and a user clicks on a button that initiates a malicious action. The 4.8.x versions are patched; 5.0.1 is expected in Q2.

More info.

 

Integer overflow allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.  Last vulnerable version has been patched.

More info.

F5

The symmetric-key feature in ntpd requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. For BIG-IP systems using a default network time protocol (NTP) configuration, there is no impact. However, BIG-IP systems with an NTP configuration that is customized in line with the requirements of the advisory may be vulnerable. 

More info.

VMware

VMware has updated a previous security advisory in conjunction with the release of NSX for Multi-Hypervisor and vFabric Postgres patches on 2015-04-23.

More info.

Ubuntu

It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.

More info.

iOS

A vulnerability was reported in Apple iOS. A remote user can cause denial of service conditions on the target system in certain cases. A remote user with control of a wireless network that the target device is connected to can create a specially crafted SSL certificate that, when processed by an app that uses SSL, will cause the target app to crash.

More info.

F5

Remote attackers may be able to cause a denial-of-service (temporary network outage) via a packet with a crafted size.

More info.

SAP

SAP has released the monthly critical patch update for April 2015. This patch update closes a lot of vulnerabilities in SAP products. Most of them are potential information disclosure vulnerabilities.

More info.

Cisco

A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website.

More info.

Android

Google has published an update for Android WebView with security fixes.

More info.

 

 


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/