The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state occurs immediately when an issue is detected, and the state then drops again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.
Contec has identified several vulnerabilities in its CONPROSYS HMI System (CHS) Web HMI/SCADA software. These vulnerabilities could be exploited by a remote attacker to steal information. CVSSv3 score of 7.5
More info.
Apple has published an update for Xcode that fixes two sandbox vulnerabilities in Dev Tools.
More info.
IBM QRadar User Behavior Analytics includes components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.
IBM QRadar SIEM includes components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities were fixed in IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.1
More info.
NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.8. Four have patches.
More info.
QNAP is updating their products for the Samba vulnerabilities.
More info.
Veritas has identified their products that include a vulnerable version of XStream.
More info.
3CX DesktopApp was shipped with malware.
More info.
Alpine Linux has published new releases. More info.
When the recursor detects and deters a spoofing attempt or receives certain malformed DNS packets, it throttles the server that was the target of the impersonation attempt. Unfortunately this mechanism can be abused by an attacker who is able to send queries to the recursor, guess the correct source port of the corresponding outgoing query, and inject packets with a spoofed IP address, forcing the recursor to mark specific authoritative servers as unavailable and leading to a DoS for the zones served by those servers. CVSSv3 score of 3.7
More info.
Thunderbird users who use the Matrix chat protocol were vulnerable to a DoS.
More info.
Tenable.sc has been updated to correct a vulnerability in Apache. CVSSv3 score of 9.8
More info.
Apple has published updates for Studio Display firmware, Safari, iOS, iPadOS, watchOS, tvOS, and macOS. Three vulnerabilities are rated Critical, with one in WebKit being exploited.
More info.
There is a security vulnerability in Altenergy Power System Control Software, which is caused by an operating system command injection vulnerability in /set_timezone. A remote attacker can execute arbitrary commands to obtain server privileges. CVSSv3 score of 9.8
More info.
Multiple vulnerabilities exist in the MicroSCADA System Data Manager SDM600. A remote attacker who successfully exploited these vulnerabilities could take remote control. Highest CVSSv3 score of 9.9
More info.
An update for Streaming Data Platform is available that fixes multiple security vulnerabilities. Dell rates this Critical.
More info.
BD has published updates for vulnerabilities in third-party software included in Synapsys and BD MAX.
More info.
Vulnerabilities in Bash affect SAN Volume Controller and Storwize Family. Some vulnerabilities are from 2014. Highest CVSSv3 score of 10
More info. And here.
Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) could allow a remote attacker to obtain sensitive information or cause a DoS. Highest CVSSv3 score of 9.3
More info.
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.1
Only 1 bulletin has patches.
More info.
Red Hat has updated the kernel and kpatch. More info.
A vulnerability in ManageEngine ADSelfService Plus pertains to an OTP brute-force issue in the Password Sync Agent that could affect integrated third-party applications. Attackers could exploit this vulnerability using specialized, highly sophisticated machines to reset passwords and take control of integrated third-party applications. This is rated High.
More info.
Osprey Pump Controller contains several vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control. Highest CVSSv3 score of 9.8
No response from ProPump and Controls.
More info.
SAUTER EY-modulo 5 Building Automation Stations contains multiple vulnerabilities. Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a DoS, or retrieval of sensitive information. Highest CVSSv3 score of 8.8
No patch will be available because encryption is not supported.
More info.
Spectrum Protect Plus contains security vulnerabilities in third-party software included in the product. Highest CVSSv3 score of 10
More info.
Xerox has updated third-party software in several of their Print Server products.
More info.
Tenable.sc has been updated with fixes for multiple vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
Ubuntu has updated the kernel. More info.
The vulnerability dubbed "Acropalypse" originally identified and fixed in Pixel has now cropped up (see what we did there) in Windows 11's Snipping Tool and Windows 10's Snip & Sketch tool. When editing a saved screenshot and resaving, parts of the original image are recoverable.
More info. And here.
Hard-coded credentials in the Web-UI of multiple VARTA Storage products allow an unauthorized attacker to gain administrative access to the Web-UI via the network. CVSSv3 score of 9.1
No patch yet.
More info.
LANTIME firmware has been updated to fix vulnerabilities in third-party software.
More info.
A DoS vulnerability in certificate chains has been patched.
More info.
Philips has identified 5 products that are vulnerable to the recently patched RCE vulnerabilities in Microsoft products. They are working on mitigation.
More info.
Vulnerabilities were discovered in the ThinManager ThinServer software. Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution on the target or crash the software. Highest CVSSv3 score of 9.8
More info.
Delta Electronics InfraSuite Device Master contains several vulnerabilities. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code. Highest CVSSv3 score of 9.8
More info.
Dell Technologies PowerProtect DD remediation is available for various security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.
A vulnerability exists in Tomcat where using the RemoteIpFilter leads to Tomcat not setting the secure attribute on the session cookie. This could result in the user agent transmitting the session cookie over an insecure channel.
More info.
The Veritas NetBackup IT Analytics application upgrade process included unsigned files which could be exploited and result in a customer installing unauthentic components. CVSSv3 score of 5.3
More info.
Three command injection vulnerabilities have been identified in the Atos Unify OpenScape 4000 Platform and the Atos Unify OpenScape 4000 Manager Platform. A remote attacker can run arbitrary commands on the platform operating system and get administrative access to the system. Highest CVSSv3 score of 9.8
More info.
Google has published the Monthly Patch Update for Pixel phones. There are 46 patched vulnerabilities, plus the Android and Qualcomm patches. This includes a fix for the Samsung 0-Day reported on Friday.
More info.
D-Link DIR-456U has hardcoded passwords, but was EOL 5 years ago.
More info.
Several vulnerabilities have been identified in curl: connection reuse when options have changed that should trigger a new session, improper evaluation of tilde (~) in a path string, and passing TELNET values without input scrubbing. Most are rated Low, 1 is rated Medium.
More info.
SUSE has updated the kernel. More info.
Honeywell OneWireless Wireless Device Manager contains several vulnerabilities, including Command Injection, Use of Insufficiently Random Values, and Missing Authentication for Critical Function. Highest CVSSv3 score of 9.8
More info.
Eighteen 0-day vulnerabilities have been reported in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.
More info.
IBM Cognos Command Center is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.
NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Five have patches.
More info.
BD has updated third-party software in BACTEC FX40.
More info.
Modbus TCP Server Add-On Instructions (AOI) for ControlLogix and CompactLogix controllers contain a vulnerability that would allow a remote attacker to gain information when the Modbus TCP Server AOI accepts a malformed request. CVSSv3 score of 5.3
More info.
IBM Sterling B2B Integrator has addressed security vulnerabilities in Dojo Toolkit. Highest CVSSv3 score of 9.8
More info.
Mozilla has published a bulletin rated High for Thunderbird.
More info.
Microsoft Monthly Patches include 76 vulnerabilities, 9 rated Critical and 2 being exploited. Highest CVSSv3 score of 9.8
More info. And here.
There is an RCE vulnerability affecting the HTTP Protocol Stack. A prerequisite for a server to be vulnerable is that the binding has HTTP/3 enabled and the server uses buffered I/O. HTTP/3 support for services is a new feature of Windows Server 2022. CVSSv3 score of 9.8
More info.
ICMP contains an RCE vulnerability. An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket. CVSSv3 score of 9.8
More info.
Attackers could send specially crafted emails that cause a connection from the victim to an external UNC location under the attacker's control. This leaks the Net-NTLMv2 hash of the victim to the attacker, who can then relay it to another service and authenticate as the victim. This is being exploited. CVSSv3 score of 9.8
More info. And here.
There is an RCE vulnerability in RPC. A remote attacker can send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. CVSSv3 score of 9.8
More info.
AVEVA Plant SCADA and Telemetry Server have an Improper Authorization vulnerability. A remote attacker could remotely read data, cause a DoS, and tamper with alarm states. CVSSv3 score of 9.8
More info. And here.
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere contain several vulnerabilities, including a Path Traversal and third-party OpenSSL. CVSSv3 score of 9.8
More info.
Two vulnerabilities affect the NPort 6000 Series and Windows driver manager. An attacker may perform a MitM attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.
More info.
ClearPass Policy Manager has been updated to address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Mozilla has published updates for Firefox and Firefox ESR, both rated High.
More info.
Siemens Monthly Patches are out, with 7 new bulletins and 23 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8
More info.
Multiple third-party component vulnerabilities were reported for the Busybox applet, the Linux Kernel, OpenSSL, OpenVPN and various other components used by the RUGGEDCOM and SCALANCE products. Highest CVSSv3 score of 9.8
More info.
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow a remote attacker to bypass authentication and get access to the application. CVSSv3 score of 9.1
More info.
The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a DoS that could be triggered when a specially crafted packet is sent by a RADIUS server. CVSSv3 score of 7.5
More info.
Multiple vulnerabilities affecting various third-party components of SCALANCE W-700 IEEE 802.11ax devices could allow a remote attacker to cause a DoS, disclose sensitive data or violate the system integrity. Highest CVSSv3 score of 8.1
More info.
Schneider Electric Monthly Patches include 3 new bulletins and 15 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8
More info.
PowerLogic HDPM6000 products contain an improper validation of array index vulnerability, where a specially crafted Ethernet request could result in DoS or RCE. CVSSv3 score of 9.8
More info.
Multiple vulnerabilities exist in Data Server, Dashboard and Custom Reports modules for the IGSS. Highest CVSSv3 score of 8.8
More info.
SAP Patch Day is here, with 19 new Security Notes. 5 are rated Hot News, 4 rated High, and 10 rated Medium. Highest CVSSv3 score of 9.9
More info.
ENERGY AXC PU uses CODESYS Control V3 runtime system, which contains several vulnerabilities. Highest CVSSv3 score of 8.1
More info.
Microsoft has updated Edge with the latest chromium security fixes.
More info.
Monthly Patches are expected out later today.
Improper Access Control vulnerabilities exist in the CS/CJ/CP-series Programmable Controllers. A remote attacker can use these vulnerabilities to bypass the protection system of the user memory, disable a password, overwrite a password with a new one, and overwrite the code for executing the user program (object code) or a function block. CVSSv3 score of 9.1
More info.
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.
+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.
© Computer Network Defence Limited 2023