Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 03 December 2021


WebHMI

Patch

Distributed Data Systems WebHMI contains an Authentication Bypass by Primary Weakness vulnerability, and an Unrestricted Upload of File with Dangerous Type vulnerability.  Highest CVSSv3 score of 10.
More info.


Hitachi

Patch

Hitachi Energy is aware of a vulnerability in the RTU500 series. An attacker could exploit this vulnerability only on RTU500 series in which BCI IEC 60870-5-104 is configured and enabled by project configuration. An attacker could cause the product to reboot. CVSSv3 score of 7.5
More info.

Hitachi Energy is aware of vulnerabilities in OpenSSL and libxml2 used in the RTU500 series. An attacker who successfully exploited these vulnerabilities could eavesdrop on the traffic, retrieve information from memory, or cause a DoS. Highest CVSSv3 score of 8.6
More info.


IBM

Patch

Security vulnerabilities in third party software have been addressed in IBM Cognos Analytics. Highest CVSSv3 score of 9.8
More info.

In response to a security issue with BMC's IPMI LAN+ interface, a new Power System firmware update is being released. CVSSv3 score of 10.
More info.

Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. CVSSv3 score of 9.8
More info.


NetApp

New

NetApp has published 5 new bulletins for vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

CentOS has updated the kernel. More info.


  

Thursday 02 December 2021


Mozilla

Patch

NSS is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Mozilla rates this Critical.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Mageia has updated systemd, glibc, and others. More info.


  

Wednesday 01 December 2021


Xylem

Patch

A vulnerability exists that could allow an unauthenticated attacker to invoke queries to manipulate the Aanderaa GeoView database server. CVSSv3 score of 8.2
More info. And here.


Moxa

New

Multiple product vulnerabilities were identified in Moxa’s ioPAC 8500 Series and ioPAC 8600 Series rugged modular programmable controllers, including RCE, cleartext transmission of sensitive information, hard-coded cryptographic key, and unprotected storage of credentials. No patches yet.
More info.


IBM

Patch

Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise. CVSSv3 score of 9.8
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 30 November 2021


Mitsubishi Electric

Patch

Multiple DoS vulnerabilities exist in MELSEC iQ-R/Q/L series CPU module and MELIPC series. A remote attacker may stop the program execution or Ethernet communication of the products by sending specially crafted packets. CVSSv3 score of 7.5
More info.


CODESYS

Patch

CODESYS Git lacks server certificate validation when using the HTTPS protocol. Therefore, the server connection is vulnerable to a man-in-the-middle attack. CVSSv3 score of 8.0
More info.


B&R

Patch

Number:Jack is a set of vulnerabilities in TCP/IP stacks in which ISNs are improperly generated, leaving TCP connections of a device open to attacks. B&R Vision cameras, Safe Logic, Bus Controller, and Motion components are impacted.  CVSSv3 score of 5.7
More info.


IBM

Patch

IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. CVSSv3 score of 9.8
More info.


  

Monday 29 November 2021


IBM

Patch

A vulnerability in IBM SDK Java affects IBM Cloud Pak System. A stack-based buffer overflow exists allowing a remote attacker to send an overly long string and execute arbitrary code on the system or cause the application to crash. CVSSv3 score of 9.8
More info.


Hitachi

Patch

Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint. Highest CVSSv3 score of 7.5
More info.


QNAP

Patch

A command injection vulnerability and an improper authentication vulnerability have been reported to affect QNAP VS Series NVR running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands and compromise the security of the system. QNAP rates these Critical and High.
More info. And here.


  

Friday 26 November 2021


LibreSSL

Patch

In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass.
More info.


BitDefender

Patch

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. CVSSv3 score of 9.0
More info.

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. CVSSv3 score of 5.3
More info.


F-Secure

Patch

A vulnerability affecting the F-Secure antivirus engine was discovered whereby unpacking a UPX file can lead to DoS. The vulnerability can be exploited remotely by an attacker, resulting in DoS of the antivirus engine.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Mageia has updated the kernel. More info.


  

Thursday 25 November 2021


Cisco

New

Cisco Expressway Series is vulnerable to recently reported issues in Apache HTTP Server. Highest CVSSv3 score of 9.0. No patches yet.
More info.


NetApp

New

NetApp has published 5 bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

OpenSUSE has updated the kernel. More info.
Alpine Linux 3.15.0 is out. More info.


  

Wednesday 24 November 2021


F5

Patch

An issue was discovered in the Linux kernel used in Traffix SDC. The TIPC functionality allows remote attackers to exploit an insufficient validation vulnerability to access restricted information, modify files, or cause a DoS attack. CVSSv3 score of 8.1
More info.


VMware

Patch

The vSphere Web Client (FLEX/Flash) contains unauthorized arbitrary file read and SSRF vulnerabilities. Highest CVSSv3 score of 7.5.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Tuesday 23 November 2021


Moxa

Patch

Multiple product vulnerabilities were identified in Moxa’s NPort IAW5000A-I/O Series Servers, including Hard-coded cryptographic keys in firmware and program module, Exposure of sensitive information, and vulnerabilities in third-party software.
More info.

Multiple product vulnerabilities were identified in Moxa’s ioLogik E2200 Series Controllers and I/Os and ioAdmin Configuration Utility, including Improper authentication, Use of client-side authentication, Hard-coded password, Improper access control, and several Buffer overflows.
More info.


Dell

Patch

Dell EMC Data Protection Central remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

DELL EMC VNXe1600 contains remediation for multiple third-party components that may be exploited by malicious users to compromise the affected system. Dell rates this High.
More info.


Zyxel

Patch

An improper password management vulnerability has been found in specific home routers and WiFi systems. The vulnerability could allow an attacker to gain root access to the device if the remote assistance feature has been enabled by an authenticated user.
More info.


McAfee

Patch

Reflected Cross-Site Scripting vulnerabilities in McAfee Policy Auditor allow a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID and UID request parameters.  Highest CVSSv3 score of 6.1
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 22 November 2021


Sierra Wireless

Patch

Sierra Wireless has published a bulletin covering multiple ALEOS security issues in AirLink products.  Highest CVSSv3 score of 7.5
More info.


Microsoft

Patch

Microsoft has updated chromium-based Edge to fix the latest security vulnerabilities.
More info.


Kaspersky

Patch

Kaspersky has fixed several security problems in consumer products for Windows, including issues with the installer being vulnerable to arbitrary file deletion and loading a specially crafted XML file. Also, a component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
More info.


Linux

Patch

SUSE has updated the kernel. More info.


  

Friday 19 November 2021


BlackBerry

Patch

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP could potentially allow a successful attacker to execute code in the context of the affected process. CVSSv3 score of 9.8
More info.


Dell

Patch

Dell EMC Secure Connect Gateway contains remediation for multiple security vulnerabilities including third-party software. Dell rates this Critical.
More info.

Dell EMC Streaming Data Platform contains remediation for multiple security vulnerabilities that may be exploited by remote attackers.  Dell rates this High. Highest CVSSv3 score of 8.8
More info.


Hitachi

Patch

Hitachi has published security bulletins for JP1/Automatic Operation, Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor, Ops Center, and Cosminexus.
More info.


QNAP

Patch

A heap-based buffer overflow vulnerability has been reported to affect QNAP NAS devices that have Apple File Protocol (AFP) enabled in QTS or QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP rates this High.
More info.

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to trick a victim into performing unintended actions on the web application while the victim is logged in.  QNAP rates this Medium.
More info.

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP rates this Medium, and recommends uninstalling Ragic Cloud DB until a patch is available.
More info.


NetApp

New

NetApp has published 6 security bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


  

Thursday 18 November 2021


HPE

Patch

Remote buffer overflow and file management vulnerabilities have been identified in an optional management utility named the Emulex HBA Manager for use with HPE Fibre Channel Host Bus Adapters. Highest CVSSv3 score of 9.8
More info.


CODESYS

Patch

Crafted communication requests may cause a Null pointer dereference in affected CODESYS products and may result in a DoS. CVSSv3 score of 7.5
More info.


Thales

New

Thales CPL has recently identified a vulnerability in SafeNet Agent for Windows Logon under specific configurations. Login required to see bulletin.
More info.


Philips

Patch

Philips has identified that IntelliBridge EC40 and EC80 systems contain hard-coded credentials and authentication bypass using an alternate path or channel. These issues may allow an unauthorized attacker to execute software, modify device configuration, or view/update files, including unidentifiable patient data.
More info.

Philips has identified vulnerabilities in Patient Information Center iX and Efficia CM Series software including Improper input validation, a hard-coded cryptographic key, and Insecure cryptographic algorithm. Successful exploitation of these vulnerabilities may allow an unauthorized attacker access to data and cause a DoS resulting in temporary interruption of viewing of physiological data at the central station. Exploitation does not enable modification or change to point of care devices.
More info.


Wireshark

Patch

Wireshark has fixed nine vulnerabilities leading to DoS.
More info.


FatPipe Networks

Exploit

A vulnerability in the web management interface of FatPipe software could allow a remote attacker to upload a file to any location on the filesystem on an affected device. Actively being exploited.
More info. And here.


Linux

Patch

Red Hat has updated binutils. More info.
CentOS has updated the kernel and binutils. More info.
Oracle Linux has updated the kernel and binutils. More info.


  

Wednesday 17 November 2021


TIBCO

Patch

TIBCO PartnerExpress contains vulnerabilities that allow a remote attacker with network access to execute a clickjacking attack or obtain session tokens for the affected system. An attacker can gain full administrative access to the affected system. CVSSv3 score of 9.8
More info. And here.


WAGO

Patch

WAGO has published 3 new bulletins identifying vulnerabilities in CODESYS Runtime, WebVisualisation, and Nucleus RTOS TCP stack that affect their products. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

Dell has published an EMC Avamar Security Update for vulnerabilities in third-party software included in the product. Dell rates this Critical.
More info.


IBM

Patch

Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel, binutils, glibc, and others. More info.


  

Tuesday 16 November 2021


Google

Patch

Google has published an update for Chrome for Desktop that includes 25 security fixes, the most severe of which could allow for arbitrary code execution.
More info. And here.


IBM

Patch

A vulnerability in IBM SDK Java affects IBM Cloud Pak System. CVSSv3 score of 9.8
More info.

A buffer overflow issue was identified in the OpenSSL component of IBM MQ and IBM Websphere MQ. CVSSv3 score of 9.8
More info. And here.


Veritas

New

Veritas has discovered an issue where Veritas Enterprise Vault could allow RCE on a vulnerable Enterprise Vault Server. CVSSv3 score of 9.8. Only mitigations, no patches yet.
More info.


Mitsubishi Electric

New

An Information Tampering vulnerability exists in GOT2000 series, GOT SIMPLE series and GT SoftGOT2000 due to improper input validation for device value. An attacker may write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value, affecting system operation. CVSSv3 score of 7.5. Mitigations only.
More info.


Linux

Patch

OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.


  

Monday 15 November 2021


Meinberg

Patch

The LANTIME Firmware includes updates to the kernel, software tools, and changes to the Meinberg LTOS Web Interface to fix several vulnerabilities.
More info.


Linux

Patch

OpenSUSE has updated binutils. More info.
Red Hat has updated the kernel and binutils. More info.


  

Friday 12 November 2021


OMG DDS

Patch

Thirteen vulnerabilities have been found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations.  Seven of these are exploitable by remote attackers for DoS, RCE, or Information Exposure.  Highest CVSSv3 score of 8.6
More info.


Hitachi

Patch

A vulnerability exists in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. CVSSv3 score of 9.0
More info.


QNAP

Patch

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. CVSSv3 score of 8.5
More info.


NETGEAR

New

NETGEAR is aware of industry-wide WiFi WPS and IEEE-1905 security vulnerabilities on products containing MediaTek microchips. CVSSv3 score of 8.2
More info.


NetApp

New

NetApp has published 6 security bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

Alpine Linux has updated for busybox vulnerabilities. More info. And here.


  

Thursday 11 November 2021


Palo Alto Networks

Exploit

Palo Alto Networks has 8 new bulletins, 1 rated Critical, 6 rated High, and 1 rated Medium. Highest CVSSv3 score of 9.8. Exploits exist.
More info.

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. CVSSv3 score of 9.8
More info.

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. CVSSv3 score of 8.1
More info.

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. CVSSv3 score of 8.1
More info.

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. CVSSv3 score of 7.5
More info.


Ivanti

Patch

Ivanti Avalanche contains a vulnerability that allows remote attackers to execute arbitrary code. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. CVSSv3 score of 9.8
More info.

Ivanti Avalanche contains a vulnerability that allows remote attackers to bypass authentication. The specific flaw exists within the SettingsDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. CVSSv3 score of 9.1
More info.


Apple

Patch

Apple has published a security update for iCloud for Windows. Highest CVSSv3 score of 8.8
More info.


PostgreSQL

Patch

When the server is configured to use trust authentication or cert authentication, a MitM attacker can inject arbitrary SQL queries when a connection is first established or inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
More info.


VMware

Patch

VMware Tanzu Application Service for VMs uses Cloud Controller (CAPI) from Cloud Foundry which is vulnerable to an unauthenticated DoS vulnerability. A remote attacker can cause a DoS by using REST HTTP requests and generating an enormous SQL query leading to database unavailability. CVSSv3 score of 7.5.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated the kernel and microcode. More info.


  

Wednesday 10 November 2021


Samba

Patch

Samba has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
More info.


Citrix

Patch

Vulnerabilities have been discovered in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition. These vulnerabilities, if exploited, could result in a remote attacker causing a DoS.  Note that a configuration change is required after patching.
More info.


HCC Embedded

Patch

A new bulletin has been published for InterNiche TCP/IP stack and InterNiche Lite.  Details are unavailable without a login.
More info.


Intel

Patch

Intel has published 25 new bulletins, one of which allows a remote attacker to cause a DoS. CVSSv3 score of 5.8
More info. And here.


NETGEAR

Patch

NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability for several products.
More info.


Linux

Patch

SUSE has updated the kernel and binutils. More info.
OpenSUSE has updated the kernel and binutils. More info.
Red Hat has updated the kernel and binutils. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 09 November 2021 - Part 2


Microsoft

Patch

Microsoft Monthly Patches are out with 55 vulnerabilities; 6 are rated Critical, 4 were previously disclosed, and 2 are being actively exploited. Highest CVSSv3 score of 9.0.
More info. And here. And here.


Adobe

Patch

Adobe has released 3 new bulletins in their Monthly Patch set, for Creative Cloud, InCopy, and RoboHelp Server.
More info.

Adobe has released a security hotfix for RoboHelp Server. This update resolves a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVSSv3 score of 8.8
More info.


  

Tuesday 09 November 2021


Siemens

Patch

Siemens Monthly Patches are out, with 13 new bulletins and 10 updated. Highest CVSSv3 score of 9.9.
More info.

NUCLEUS:13 vulnerabilities in the Nucleus TCP/IP stack affect several Siemens product lines, including Capital VSTAR and Nucleus, APOGEE, and TALON. Highest CVSSv3 score of 9.8
More info. And here.

Climatix POL909 contains an information disclosure vulnerability which could allow an attacker in a MitM position to read sensitive data, such as administrator credentials, or modify data in transit. CVSSv3 score of 6.4
More info.

Siemens has released hotfixes for Siveillance Video DLNA Server, which fix a path traversal vulnerability that could allow an unauthenticated remote attacker to access sensitive information on the DLNA server. CVSSv3 score of 8.6
More info.

The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition. Highest CVSSv3 score of 9.8
More info.


Schneider Electric

Patch

Schneider Electric has released 7 new bulletins and 3 updated in their Monthly Patch set. Vulnerabilities include Microsoft Print Spooler, BadAlloc, and Bluetooth.
More info.

A vulnerability in their SCADAPack 300E Series RTU products could cause a DoS of the RTU when receiving a specially crafted request over Modbus. CVSSv3 score of 7.5
More info.


SAP

Patch

SAP Security Patch Day includes 5 new bulletins and 2 updates.  Of the new bulletins, 1 is rated Hot News, 1 is rated High, and 3 are rated Medium.  The Hot News bulletin is a Missing Authorization Check in ABAP Platform kernel, with a CVSSv3 score of 9.6
More info.


F5

New

A vulnerability in BIND could be abused by an attacker to significantly degrade resolver performance in BIG-IP and BIG-IQ products. CVSSv3 score of 5.3
More info.



CODESYS

Patch

Crafted web server requests may cause invalid memory accesses to crash the CODESYS web server or may read stack or heap memory. CVSSv3 score of 8.2. POC is publicly available.
More info.



  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021