Mozilla has released a security update to address multiple vulnerabilities in Thunderbird.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
VMware ESXi, Workstation and Fusion updates address multiple security vulnerabilities.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Google has released Chrome version 63.0.3239.108 for Windows, Mac,
and Linux.
This version addresses a vulnerability that an attacker could exploit to take control of an
affected system.
Apple has released security updates to address vulnerabilities in
multiple products.
A remote attacker could exploit one of these vulnerabilities to take control of an affected
system.
CERT Coordination Center (CERT/CC) has released information on a
Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow
an attacker to access sensitive information. The TLS vulnerability is also known as Return of
Bleichenbacher's Oracle Threat (ROBOT).
Remediation: Affected users and system administrators are encouraged to disable TLS
RSA ciphers if possible.
A vulnerability was reported in Adobe Flash Player. Security settings
may be reset.
Remediation: Microsoft has issued a fix for CVE-2017-11305. The Microsoft advisory is
available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170022
Apple has released security updates to address vulnerabilities in
AirPort Base Station. An attacker could exploit some of these vulnerabilities to take
control of an affected system.
Microsoft has released updates to address vulnerabilities in
Microsoft software. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
Mozilla has released security updates to address vulnerabilities in
Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take
control of an affected system.
Microsoft has released updates to address a vulnerability in
Microsoft Malware Protection Engine affecting multiple products. A remote attacker could
exploit this vulnerability to take control of an affected system.
Apple has released security updates to address vulnerabilities in
multiple products. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and
Linux. This version addresses vulnerabilities that an attacker could exploit to take control
of an affected system.
WordPress versions 4.9 and earlier are affected by four security
issues which could potentially be exploited as part of a multi-vector attack.
Remediation: Fixes have been implemented in WordPress 4.9.1.
Cisco has released security updates to address vulnerabilities in its
WebEx Network Recording Player for
Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker
could exploit these vulnerabilities to take control of an affected system.
The United Kingdom's National Cyber Security Centre (NCSC) has
released an advisory to highlight Neuron and Nautilus tools
used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides
enhanced cybersecurity services
to protect against cybersecurity threats.
Intel has released recommendations to address vulnerabilities in the
firmware of the following Intel products:
Management Engine, Server Platform Services, and Trusted Execution Engine.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Symantec has released an update to address a vulnerability in the
Symantec Management Console.
A remote attacker could exploit this vulnerability to take control of an affected system.
The CERT Coordination Center (CERT/CC) has released information on a
vulnerability in
Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and
Windows 10.
A remote attacker could exploit this vulnerability to take control of an affected
system.
Cisco has released a security update to address a vulnerability in
its Voice Operating System software platform.
Exploitation of this vulnerability could allow a remote attacker to take control of an
affected system.
Mozilla has released security updates to address multiple
vulnerabilities in Firefox 57 and ESR 52.5.
An attacker could exploit these vulnerabilities to take control of an affected
system.
Microsoft has released updates to address vulnerabilities in
Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Adobe has released security updates to address vulnerabilities in
Flash Player,
Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player,
and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote
attacker to take control of an affected system.
Microsoft has released an advisory that provides guidance on securing
Dynamic Data Exchange (DDE) fields in Microsoft Office applications.
Exploitation of this protocol may allow an attacker to take control of an affected
system.
Joomla! has released version 3.8.2 of its Content Management System
(CMS) software to address multiple vulnerabilities.
A remote attacker could exploit one of these vulnerabilities to obtain sensitive
information.
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely.
Cisco has released updates to address vulnerabilities affecting
multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A vulnerability was reported in Apache HTTPD on Red Hat Enterprise
Linux. A remote user can bypass security controls on the
target system. The system may not properly parse comments in the 'Allow' and 'Deny'
configuration lines. As a result, a remote
user may be able to access an ostensibly restricted HTTP resource.
Remediation: Red Hat has issued a fix.
A remote attacker may be able to recover the RSA private key from a
victim's public key,
if it was generated by the Infineon RSA library.
Remediation: Apply appropriate updates.
A Critical Patch Update (CPU) is a collection of patches for multiple
security vulnerabilities.
Critical Patch Update patches are usually cumulative, but each advisory describes only the
security fixes added since the previous Critical Patch Update advisory.
Thus, prior Critical Patch Update advisories should be reviewed for information regarding
earlier published security fixes.
Remediation: Apply appropriate patches.
Severe vulnerabilities have put all modern secure WiFi networks
under serious threat. Researchers have unearthed flaws in WPA2 protocol implementations in
WiFi clients and wireless access points (APs).
Remediation: Apply appropriate updates from OEMs on all WiFi devices frequently,
e.g. the OS of clients (systems/phones)
and the firmware of APs. Security updates will ensure a key is only installed once and are
therefore likely to prevent a possible attack.
Mozilla has released a security update to address multiple
vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a
remote attacker to take control of an affected system.
It has been reported that several high-volume FormBook malware
distribution campaigns were observed primarily taking aim at Aerospace, Defense Contractor,
and Manufacturing sectors within the U.S. and South Korea during the past few months.
Dubbed FormBook, the data stealer malware is distributed using different methods which
steal clipboard contents, log keystrokes and extract data from HTTP sessions.
Remediation: Since FormBook targets Windows devices, it is high time for high-profile
institutions to either upgrade their Windows OS to the latest or move to a secure one.
Moreover, don't open any unknown or suspicious emails, don't click links in an anonymous
email, and avoid downloading attachments from email addresses you are not familiar with.
Microsoft has released updates to address vulnerabilities in
Microsoft software. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
In this release, Microsoft has resolved three publicly disclosed issues, one of which has
been actively exploited in the wild. The Windows zero day
vulnerability is a memory corruption vulnerability in Microsoft Office (CVE-2017-11826).
According to Microsoft, the Windows zero day could allow remote code execution by an
attacker and affects programs in Office 2007, 2010, 2013 and 2016.
Remediation: It is recommended to apply the available patches for the above
vulnerabilities.
A vulnerability in Siemens 7KT PAC1200 data manager could allow an
unauthenticated, remote attacker to bypass authentication mechanisms and perform
unauthorized administrative actions on a targeted system.
Apple has released a supplemental security update to address
vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities
to obtain sensitive information.
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit some of these vulnerabilities to cause a
denial-of-service condition.
The Apache Software Foundation has released Apache Tomcat 9.0.1 and
8.5.23 to address a vulnerability in previous versions of the software. A remote attacker
could exploit this vulnerability to take control of an affected server.
Remediation: Users of the affected versions should apply the mitigations provided at the link
"http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3cf7229e11-5e8d-aa00-ff22-f0a795669010@apache.org%3e"
Dnsmasq is a widely used piece of open-source software. These
vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote
code execution, information exposure, and denial of service. In some cases an attacker would
need to induce one or more DNS requests.
Remediation: Version 2.78 has been released to address these
vulnerabilities.
A vulnerability in the Linux Kernel could allow a local attacker to gain
elevated privileges on a targeted system.
Remediation: The vendor has issued a source code fix.
Multiple vulnerabilities were reported in Apple iOS. A remote user on
the wireless network can obtain potentially sensitive information and execute arbitrary
code. A remote user can cause denial of service conditions on the target system. A remote
user can spoof the address bar. A remote user can conduct cross-site scripting attacks.
Remediation: The vendor has issued a fix (11.0).
Several vulnerabilities were reported in Apple Safari. A remote user
can execute arbitrary code on the target system. A remote user can spoof the address bar. A
remote user can conduct cross-site scripting attacks.
Remediation: The vendor has issued a fix (11.0).
A vulnerability was reported in IBM WebSphere Portal. A remote user
can view files on the target system.
Remediation: IBM has issued a fix (APAR PI87495).
Successful exploitation of these vulnerabilities could lead to a
malicious attacker escalating his or her privileges or assuming the identity of an
authenticated user and obtaining sensitive data.
Remediation: Hikvision has released updates to mitigate the improper authentication
vulnerability in cameras sold through authorized distributors. Hikvision has not mitigated
the password in configuration file vulnerability.
Joomla! has released version 3.8.0 of its Content Management System
(CMS) software to address a vulnerability. A remote attacker could exploit this
vulnerability to obtain access to sensitive information.
The Samba Team has released security updates to address several
vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain
access to potentially sensitive information.
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit one of these vulnerabilities to take
control of an affected system.
Multiple vulnerabilities have been reported in Microsoft Windows,
which could be exploited by an attacker to obtain sensitive information, execute code
remotely, conduct spoofing, and bypass certain security features to gain elevated privileges
on the targeted system.
Remediation: Apply appropriate patch as mentioned in Microsoft Security
Bulletin
Multiple vulnerabilities have been reported in Microsoft Edge,
which could be exploited by an unauthenticated remote attacker to obtain sensitive
information, execute code remotely, conduct spoofing, bypass security features and gain
elevated privileges on the targeted system.
Remediation: Apply appropriate Patches.
Multiple memory corruption vulnerabilities have been reported in
Adobe Flash Player which could allow a remote attacker to execute arbitrary code on the
targeted system.
Remediation: Apply appropriate security updates
Multiple vulnerabilities have been reported in Microsoft Edge,
which could be exploited by an unauthenticated remote attacker to obtain sensitive
information, execute code remotely, conduct spoofing, bypass security features and gain
elevated privileges on the targeted system.
Remediation: Apply appropriate Patches.
VMware has released security updates to address vulnerabilities in
ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities
could allow a remote attacker to take control of an affected system.
A vulnerability has been reported in Cisco Aironet 1830 Series and
Cisco Aironet 1850 Series Access Points which could be exploited by a remote attacker to
gain unauthenticated, complete control of an affected device.
Remediation: Apply appropriate updates.
A vulnerability has been reported in the Traversal Using Relay NAT
(TURN) server included with Cisco Meeting Server (CMS) that can be exploited to allow an
authenticated, remote attacker to gain unauthenticated or unauthorized access to sensitive
information on an affected system.
Remediation: Apply appropriate updates.
A collection of Bluetooth implementation vulnerabilities known as
"BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and
Linux-kernel-based operating systems including Android and Tizen, and may in worst case
allow an unauthenticated attacker to perform commands on the device.
Remediation: 1. Apply an update. 2. Disable Bluetooth on your device.
Microsoft has released updates to address vulnerabilities in
Microsoft software. A remote attacker could exploit some of these vulnerabilities to take
control of a system.
Google has released Chrome version 61.0.3163.79 for Windows, Mac, and
Linux. This version addresses multiple vulnerabilities that an attacker could exploit to
take control of an affected system.
The Apache Software Foundation has released a security update to
address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to
take control of an affected system.
Successful exploitation of this vulnerability may allow an attacker
to access various resources.
Remediation: Siemens provides fixes and recommends users upgrade to the newest
version.
Successful exploitation of these vulnerabilities could allow an
attacker to hijack existing web sessions. Siemens reports that the vulnerabilities affect the
LOGO!8 BM: All versions.
Remediation: Siemens provides LOGO!8 BM FS-05 with firmware Version V1.81.2, which
fixes the first vulnerability, and also recommends applying the suggested mitigations for
users with existing installations, and for mitigation of the second vulnerability.
Successful exploitation of this vulnerability could cause a
denial-of-service condition in the affected component that may require a manual restart of
the main device to recover.
Remediation: Siemens provides firmware Version V2.1.3 [1] for 7KM PAC Switched
Ethernet PROFINET expansion modules, which fixes the vulnerability, and recommends users to
update to the new fixed version.
Successful exploitation of these vulnerabilities could allow an
unauthorized user to create an account on the device or access the device’s database.
Remediation: OPW has issued “Service Bulletin 462” and a letter to users to
inform them of the availability of free upgrades (firmware Version 17Q2.1) to mitigate these
vulnerabilities.
Successful exploitation of this vulnerability could allow an
unauthenticated user to access SoftCMS Live Viewer without knowing the user’s password.
Remediation: Moxa has provided software update Version 1.7 for SoftCMS Live Viewer
which fixes this vulnerability.
The vulnerability, if exploited, could lead to the disclosure of
confidential data, denial of service (DoS), spoofing of a request from an upstream device,
port scanning from the perspective of the machine where the parser is located, and other
system impacts.
Remediation: ALC applications should always be installed and maintained in accordance
with the provided guidelines.
A smartphone is a mobile phone that performs many of the functions of a
computer, typically having a touchscreen interface, Internet access,
and an operating system capable of running downloaded apps. Users rarely secure their mobile
devices, making them a target-rich environment
for malware.
Remediation: Users need to follow best practices while using smartphones.
Successful exploitation of these vulnerabilities may allow a nearby
attacker to gain unauthorized access to a pacemaker and issue commands, change settings, or
otherwise interfere with the intended function of the pacemaker.
Remediation: Abbott has developed a firmware update to help mitigate the identified
vulnerabilities.
Successful exploitation of these vulnerabilities could allow
authenticated system users to escalate their privileges and modify or replace application
files.
Remediation: According to AzeoTech, the newest version (Version 17.1) gives write
privileges only to administrators and no longer searches for dlls outside of the application
directory.
Successful exploitation of these vulnerabilities may allow remote
code execution or unauthorized access and could cause the device that the attacker is
accessing to crash.
Remediation: Advantech has released a new version of WebAccess to address the
reported vulnerabilities.
This vulnerability is due to improper handling of authentication
requests and policy assignment for externally authenticated users.
Remediation: Apply Appropriate Update.
This vulnerability is due to a design defect in the extension. A
remote user can create specially crafted web content that, when loaded by the target user,
will trigger input validation flaws in the Cisco WebEx browser extensions for Google Chrome
and Mozilla Firefox on Windows-based systems and execute arbitrary code on the target user's
system.
Remediation: Apply Appropriate Update.
A vulnerability has been reported in IBM WebSphere Application server
which could be exploited by a
remote attacker to access sensitive information on the target system.
Remediation: Apply Appropriate Update.
Successful exploitation of these vulnerabilities could allow a remote
attacker to obtain hard-coded cryptographic keys, hard-coded credentials, or trick a user
into submitting a malicious request, resulting in the attacker gaining unauthorized access
to the device and running arbitrary code.
Successful exploitation of these vulnerabilities could allow an
authenticated, remote attacker to execute code on an affected system or cause an affected
system to crash and reload.
The Federal Communications Commission (FCC) of the USA has released a
public notice encouraging communications service providers to voluntarily use security best
practices recommended by the Communications Security, Reliability, and Interoperability
Council (CSRIC), a federal advisory committee to the FCC.
These best practices help prevent exploitation of Signaling System 7 (SS7) network
infrastructure, a signaling protocol that connects communication networks.
Successful exploitation of this vulnerability could cause an attacker
to gain read access to system files through directory traversal.
Remediation: SpiderControl has produced a new version of the software (Version
2.02.0100)
Successful exploitation of this vulnerability could allow an attacker
to gain access to the system, manipulate system files, and potentially render the system
unavailable.
Remediation: SpiderControl has produced a new version of the software (Version
1.6.40.148).
Successful exploitation of these vulnerabilities could allow an
authenticated user to elevate his or her privileges to execute arbitrary code on the system.
Remediation: ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0
and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to
supported versions in order to install these mitigation patches.
On October 11, 2017, the Internet Corporation for Assigned Names and
Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name
system (DNS) Security Extensions (DNSSEC) protocol.
Mozilla has released a security update to address multiple
vulnerabilities in Thunderbird. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Remediation: Apply Necessary Updates.
Philips has identified Hard-coded Credentials and Cleartext Storage
of Sensitive Information vulnerabilities in Philips’ DoseWise Portal (DWP) web application.
Philips has updated product documentation and produced a new version that mitigates these
vulnerabilities.
These vulnerabilities could be exploited remotely.
Remediation: Philips is scheduled to release a new product version and
supporting product documentation in August 2017.
It has been reported that a few recent versions of NetSarang's
network connectivity and server management software suites were allegedly modified and
included a malicious backdoor module which provides flexible remote control capabilities to
an adversary
in the victim network.
Remediation: The vendor advises updating to the latest builds, which are
Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and
Xlpd Build 1224.
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit one of these vulnerabilities to take
control of an affected system.
Remediation: Apply the necessary updates.
Drupal has released an advisory to address several vulnerabilities in
Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify
sensitive information.
Remediation: Apply Security Updates
A vulnerability has been reported in Juniper Junos by which a
network-based attacker with unauthorized access to the RE can cause the Junos OS snmpd daemon
to crash and restart by sending a crafted SNMP packet.
Workaround:
1. Disable SNMP (disabled by default).
2. Utilize edge filtering with source-address validation (uRPF, etc.).
3. Access control lists (ACLs).
4. SNMP v3 authentication to limit access.
Multiple vulnerabilities have been reported in Adobe Flash Player
which could allow a remote attacker to execute arbitrary code and
bypass security controls on the affected system which could lead to information disclosure.
Remediation: Apply appropriate updates
Multiple vulnerabilities have been reported in Microsoft Windows
which could be exploited by a remote attacker to cause Denial of Service (DoS), obtain
potentially sensitive information and execute arbitrary code on the targeted system.
Remediation: Apply appropriate software fixes
Symantec has released an update to address vulnerabilities in the
Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote
attacker to take control of an affected system.
Remediation: Apply necessary patches
Multiple vulnerabilities have been reported in Microsoft Internet
Explorer that could allow a remote attacker to bypass security restrictions and execute
arbitrary code on the targeted system.
Remediation: Apply appropriate patches
A vulnerability has been reported in Microsoft SharePoint Server
which could allow a remote attacker to perform a cross-site scripting attack on the targeted
system.
Remediation: Apply appropriate security updates
Multiple vulnerabilities have been reported in Microsoft Edge which
could allow a remote attacker to execute arbitrary code, bypass security restrictions, gain
elevated privileges or obtain sensitive information of the targeted system.
Remediation: Apply appropriate patches
A vulnerability has been reported in Microsoft SQL Server which could
allow a remote authenticated attacker to obtain sensitive information on the targeted
system.
Remediation: Apply Appropriate Updates.
Successful exploitation of this vulnerability may allow arbitrary
code execution.
Remediation: Solar Controls has not responded to requests to coordinate with
NCCIC/ICS-CERT.
Successful exploitation of this vulnerability may allow arbitrary
code execution.
Remediation: Solar Controls has not responded to requests to coordinate with
NCCIC/ICS-CERT.
Successful exploitation of this vulnerability could allow an attacker
to execute arbitrary code.
Remediation: SIMPlight has not responded to requests to work with
NCCIC/ICS-CERT to mitigate this vulnerability.
Successful exploitation of this vulnerability could allow an attacker
to cause a crash of the device’s Wi-Fi module resulting in a denial-of-service condition
affecting the Wi-Fi module chipset. This does not affect the device’s ability to deliver
therapy.
Remediation: This vulnerability has been addressed in devices released after
July 1, 2017. For devices released prior to July 1, 2017, BMC Medical and 3B Medical offer
no mitigations.
Successful exploitation of this vulnerability could cause the target
device to crash and may allow arbitrary code execution.
Remediation: Advantech was unable to verify the validity of this
vulnerability. ZDI recommends that this product be restricted to interact with trusted files
only.
Multiple vulnerabilities have been reported in Adobe Acrobat and
Reader which could allow a remote attacker to execute arbitrary code and bypass security
controls on the target system.
Remediation: Apply appropriate security updates
An attacker who successfully exploits this vulnerability could access
files on the affected products’ file systems, view data, change configuration, retrieve
password hash codes, and potentially insert and send commands to connected devices without
authorization.
Remediation: Install necessary patch
Successful exploitation of these vulnerabilities could allow remote
code execution or cause the software that the attacker is accessing to crash. The improper
privilege management vulnerability could allow an attacker with local access to escalate
privileges.
Remediation: Fuji Electric has released a new version of Monitouch V-SFT,
Version 5.4.43.0, to fix these vulnerabilities.
Multiple vulnerabilities have been reported in Adobe Flash Player
which could allow a remote attacker to execute arbitrary code and obtain potentially
sensitive information on the target system.
Remediation: Apply appropriate security updates
Juniper Networks has released a security advisory that addresses a
vulnerability in Junos OS. A remote attacker could exploit this vulnerability to cause a
denial-of-service condition.
Remediation: The following software releases have been updated to resolve this
specific issue: Junos OS 12.1X46-D65 12.3X48-D40 14.2R8 15.1F7 15.1R5 15.1X49-D70
15.1X53-D47 16.1R4 16.2R2 17.1R1, and all subsequent releases.
A vulnerability has been reported in multiple Red Hat products which
could allow an unauthenticated, remote attacker to access sensitive information.
Remediation: Apply Appropriate Updates
A vulnerability has been reported in the Linux Kernel NFS Server which
could allow an unauthenticated remote attacker to execute arbitrary code on a targeted
system.
Remediation: Apply Appropriate Updates
Mozilla has released security updates to address multiple
vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Remediation: Apply necessary updates
Successful exploitation of this vulnerability may allow an attacker
to execute code from a malicious DLL on the affected system with the same privileges as the
application that loaded the malicious DLL.
Remediation: Moxa has provided software update Version 3.4 for SoftNVR-IA Live
Viewer which fixes this vulnerability.
Successful exploitation of these vulnerabilities could allow an
unauthorized attacker to gain privileged access to the system. An attacker may also be able
to store a malicious script in the application database.
Remediation: OSIsoft recommends that users update their software at the
earliest opportunity.
Siemens is warning customers that some of its CT and PET scanning
machines have a pair of remotely exploitable vulnerabilities that attackers can use to
execute arbitrary code.
Successful exploitation of this vulnerability may allow arbitrary
code execution.
Remediation: Schneider Electric recommends that users update to the latest
software Version 4.07.100 or newer
Multiple vulnerabilities have been reported in Google Chrome
which could be exploited by a remote attacker to execute arbitrary code, bypass security
restrictions, access sensitive information, conduct URL spoofing attacks, or cause denial of
service (DoS) conditions on the targeted system.
Remediation: Upgrade to Google Chrome version 60.0.3112.78
Successful exploitation of these vulnerabilities can result in
corruption of sensitive information, system crash, denial of service, and arbitrary code
execution.
Remediation: Mitsubishi recommends the following actions to mitigate these
vulnerabilities:
1. Use E-Designer in a safe, firewalled network.
2. Replace E-Designer HMIs with interfaces built with Mitsubishi’s new product, GT Works.
E-Designer has been discontinued.
Exploitation of these vulnerabilities may allow a remote attacker to
compromise the Trio TView Management Suite.
Remediation: The Java Runtime Environment 1.8.0u131 is provided with TView
Version 3.29.0 and is not affected by these vulnerabilities.
Multiple vulnerabilities have been reported in Microsoft Office
Outlook, which could be exploited by an attacker to obtain sensitive information or execute
remote commands on the targeted system.
Remediation: Apply appropriate patches
Successful exploitation of these vulnerabilities could allow a remote
attacker to execute arbitrary code.
Remediation: Continental has validated the
reported vulnerabilities but has not yet identified a mitigation plan.
Successful exploitation of these vulnerabilities could allow an
attacker to transmit fraudulent data or perform a denial of service.
Remediation: Mirion Technologies recommends that users of 900 MHz devices
compare data received with expected results and past results. Inconsistencies could indicate
the presence of an interfering device.
Successful exploitation of these vulnerabilities may allow a remote
attacker to gain unauthorized access to the affected system and to issue unexpected commands
to impact the intended operation of the system.
Remediation: PDQ Manufacturing, Inc. (“PDQ”) has validated the vulnerabilities
and is developing product fixes for the affected systems.
Cisco has released updates to address several vulnerabilities
affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote
attacker to cause a denial-of-service condition.
Remediation: Apply necessary updates
Open Shortest Path First (OSPF) protocol implementations may
improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber.
Attackers with the ability to transmit messages from a routing domain router may send
specially crafted OSPF messages to poison routing tables within the domain.
Remediation: Install Updates.
McAfee has released a security bulletin to address multiple
vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker
to take control of an affected system.
Remediation: Apply necessary updates
Multiple vulnerabilities have been reported in Joomla, which could be
exploited by a remote attacker to perform cross-site scripting (XSS) attacks or access
sensitive information on the targeted system.
Remediation: Upgrade to Joomla version 3.7.4
Multiple vulnerabilities have been reported in various Oracle
products, which could be exploited by an attacker to disclose sensitive information, gain
elevated privileges or cause Denial of Service (DoS) conditions on the targeted system.
Remediation: Apply appropriate patches as mentioned in Oracle Security Advisory
Multiple vulnerabilities have been reported in various Oracle
products, which could be exploited by a remote attacker to cause denial of service conditions
via network, disclosure of system information and user information, modification of system
information and user information, and user access via local system and via network.
Remediation: Apply appropriate patches as mentioned in Oracle Security Bulletin
issue. All affected users should update their firmware as soon as possible.
Multiple vulnerabilities have been reported in IBM Tivoli Enterprise
Portal Server, which could be exploited by an attacker to execute arbitrary code, modify
data and obtain elevated privileges on the target system.
Remediation: Apply appropriate patches.
The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is
vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption
keys.
Remediation: Apply an Update.
Google has released Chrome version 60.0.3112.78 for Windows, Mac, and
Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an
attacker to take control of an affected system.
Remediation: Apply an Update.
Successful exploitation of these vulnerabilities could allow an
attacker to cause a denial of service on the device due to a buffer overflow condition.
Remediation: Because this is a hardware vulnerability, there are no software
workarounds available.
A vulnerability has been reported in Gnome Files which could allow a
local attacker to compromise the target system without further user interaction.
Remediation: Apply source code fix.
Inmarsat Solutions offers a shipboard email client service,
AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly
optimized manner. A third-party security research firm has identified two security
vulnerabilities in the client software.
IBM has released a security update to address some vulnerabilities in
its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation
of these vulnerabilities may allow a remote attacker to take control of an affected system.
Remediation: Apply necessary updates
Cisco has released a security update to address a vulnerability in
its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take
control of a system.
Remediation: Apply necessary updates
Successful exploitation of these vulnerabilities could allow an
attacker to perform actions on behalf of a legitimate user, perform network reconnaissance,
or gain access to resources beyond those intended with normal operation of the product.
Multiple vulnerabilities have been reported in Google Android which
could allow a remote attacker to obtain elevated privileges or execute arbitrary code
on the targeted system.
Remediation: Contact the device vendor or manufacturer for appropriate over-the-air
updates.
Apple has released security updates to address vulnerabilities in
multiple products. A remote attacker may exploit some of these vulnerabilities to take
control of an affected system.
Dahua IP camera products using firmware versions prior to
V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be
vulnerable to a stack buffer overflow.
Remediation: Dahua has released firmware version
DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue. All affected
users should update their firmware as soon as possible. If you have any questions, you may
contact cybersecurity@dahuatech.com.
Successful exploitation of this vulnerability could cause the device
that the attacker is accessing to enter a Denial-of-Service (DoS) condition.
Remediation: Rockwell Automation recommends updating to the latest firmware
revision of MicroLogix 1100 controllers, Version FRN 16.0 or later
Successful exploitation of these vulnerabilities could allow
attackers to gain unauthorized access to privileged information.
Remediation: ABB recommends that users update firmware to version 1.9.0 or
newer for WiFi Logger Card, and version 2.2.5 or newer for WiFi Logger Card for React.
Multiple vulnerabilities have been reported in Microsoft Windows,
which could be exploited by an attacker to obtain sensitive information, execute code
remotely, bypass security features and gain elevated privileges on the targeted system.
Remediation: Apply the appropriate patch as mentioned in the Microsoft Security
Guidance
(https://portal.msrc.microsoft.com/en-us/security-guidance)
Multiple vulnerabilities have been reported in Apache HTTP Server,
which could allow a remote attacker to cause Denial of Service (DoS) and access sensitive
information on a targeted system.
Remediation: Apply appropriate updates as mentioned in the following link:
http://httpd.apache.org/download.cgi
Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site
scripting vulnerabilities found in prior versions. An attacker could exploit one of these
vulnerabilities to take control of an affected system. US-CERT encourages users and
administrators to review Juniper’s Security Bulletin and update all
affected ScreenOS versions.
Successful exploitation of these vulnerabilities could allow an
unauthenticated attacker with network access to the server to perform administrative
operations.
Remediation: Siemens provides SiPass integrated V2.70, which fixes the
vulnerabilities, and recommends users update to the new version.
Successful exploitation of these vulnerabilities could allow an
attacker in a privileged network position to read and modify data within a Transport Layer
Security (TLS) session.
Remediation: Siemens has released SIMATIC WinCC Sm@rtClient V1.0.2.2 for
Android to address these vulnerabilities and recommends updating as soon as possible.
The Samba Team has released security updates that address a
vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A
remote attacker could exploit this vulnerability to take control of an affected system.
A vulnerability exists in Microsoft Common Object Runtime Library due
to improper handling of web requests. An unauthenticated remote attacker could exploit
this vulnerability by injecting specially crafted web requests to the .NET application to
cause a denial of service (DoS) condition on the targeted system.
Remediation: Apply appropriate update as mentioned in the Microsoft Security
Guidance. (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585)
Multiple vulnerabilities have been reported in Microsoft Edge which
could allow a remote attacker to bypass the same-origin policy, spoof content and execute
arbitrary code on the target system.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance
from the link:
https://portal.msrc.microsoft.com/en-us/security-guidance
Multiple vulnerabilities have been reported in Microsoft Office that
could allow a remote attacker to execute arbitrary code and gain elevated privileges on the
target system.
Remediation: Apply appropriate software fixes as available on the vendor
website.
Multiple vulnerabilities have been reported in Microsoft Internet
Explorer that could allow a remote attacker to bypass security restrictions, spoof content
and execute arbitrary code on the targeted system.
Remediation: Apply appropriate updates as mentioned in the Microsoft Security
Bulletins.
Successful exploitation of this vulnerability may allow access to the
PI System resulting in unauthorized viewing or alteration of PI System data.
Remediation: OSIsoft recommends that users upgrade to PI Vision 2017 or greater to
mitigate this vulnerability.
Successful exploitation of this vulnerability could allow attackers
to cause a denial of service of the SIMATIC Logon Remote Access service under certain
conditions.
Remediation: Siemens created a software upgrade V1.6 for SIMATIC Logon which
fixes the vulnerability, and they recommend users upgrade to the newest version.
Adobe has released security updates to address vulnerabilities in
Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in
Microsoft software. A remote attacker could exploit some of these vulnerabilities to take
control of a system.
Successful exploitation of this vulnerability could compromise
credentials used to connect to third party databases or compromise credentials of Ampla
users configured with Simple Security.
Remediation: Schneider Electric recommends that users of Ampla MES versions 6.4 and
prior should upgrade to Ampla MES version 6.5 as soon as possible. Software updates can be
downloaded from Schneider Electric’s Ampla Support “Shopping Kiosk” area or from the link:
"http://shoppingkiosk.schneider-electric.com/doc_info.aspx?DocRef=Ampla2016R1Software&isdvd=False&df=12&gid=411131"
Successful exploitation of these vulnerabilities could allow a remote
attacker to execute code or cause a denial of service.
Remediation: Schneider Electric recommends that users of any Wonderware, Avantis,
SimSci, or Skelta product that installs the Wonderware ArchestrA Logger version
2017.426.2307.1 or prior should apply the Wonderware ArchestrA Logger Security Patch
v2017.517.2328.1 as soon as possible.
Successful exploitation of these vulnerabilities could cause a
denial-of-service condition, allow an attacker access to sensitive information, or allow an
attacker to perform administrative functions.
Remediation: Siemens provides updates and recommends users update to the latest
version
Successful exploitation of these vulnerabilities could allow an
attacker to access sensitive device information, circumvent authentication, and perform
administrative actions.
Remediation: Siemens has released a new firmware version (V4.29.01) to address these
vulnerabilities. It can be found at the SIPROTEC 4 downloads area at the following Siemens
web site: http://www.siemens.com/downloads/siprotec-4
Joomla! has released version 3.7.3 of its Content Management System
(CMS) software to address several vulnerabilities. A remote attacker could exploit some of
these vulnerabilities to take control of an affected website.
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit one of these vulnerabilities to take
control of a system.
A new variant of Petya ransomware, also known as Petrwrap, is
spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry
ransomware abused using the EternalBlue exploit.
Ransom.Haknata is a Trojan horse that encrypts files on the
compromised computer and demands a payment to decrypt them.
Remediation: Run a full system scan. If that does not resolve the problem, you can
try one of the options available at the link
https://www.symantec.com/security_response/writeup.jsp?docid=2017-070415-3657-99&tabid=3
OZW672 and OZW772 devices are affected by two vulnerabilities, which
could allow attackers to read and write historical measurement data under certain
conditions, or to read and modify data in TLS sessions.
Remediation: Siemens recommends that customers apply specific mitigations.
Successful exploitation of this vulnerability could allow a remote
attacker to upload and execute arbitrary code.
Remediation: Siemens recommends the following mitigations until patches can be
applied:
> Protect access to Port 443/TCP and Port 80/TCP of the affected product with
appropriate measures.
> Disable Port 80/TCP and use TLS client certificates (PKI) to access Port 443/TCP.
> Apply Defense-in-Depth.
A remote attacker can gain system privileges by exploiting this
vulnerability.
Remediation: Siemens strongly recommends users protect network access to the
non-perimeter industrial products with appropriate mechanisms. Siemens also advises that
users configure the operational environment according to Siemens’ Operational Guidelines for
Industrial Security.
A successful exploit of these vulnerabilities could allow an attacker
to execute arbitrary commands or compromise the confidentiality, integrity, and availability
of the system.
Remediation: Schneider Electric says a firmware update, which includes fixes for
these vulnerabilities, is scheduled to be available for download by the end of August.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:
> Minimize network exposure for all control system devices and/or systems, and ensure
that they are not accessible from the Internet.
> Locate control system networks and remote devices behind firewalls, and isolate them
from the business network.
> When remote access is required, use secure methods, such as Virtual Private Networks
(VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most
current version available. Also recognize that VPN is only as secure as the connected
devices.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS
and IOS XE Software contains multiple vulnerabilities that could allow an authenticated,
remote attacker to remotely execute code on an affected system or cause an affected system
to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet
to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be
used to exploit these vulnerabilities.
Multiple vulnerabilities have been reported in Red Hat JBoss which
could allow a remote attacker to bypass security restrictions or obtain sensitive
information.
Remediation: Apply appropriate patches as mentioned by the vendor at the link:
https://access.redhat.com/errata/RHSA-2017:1549
The National Institute of Standards and Technology (NIST) has
released the Digital Identity Guidelines document suite. The four-volume suite offers
technical guidelines for organisations that use digital identity services.
Attacks on SCADA systems are on the rise, and it is possible that
many infiltrated systems have gone undetected. Cyber criminals often infect systems and
silently monitor traffic, observe the activities and wait for months or even years before
taking any action. This allows them to strike when they can cause the maximum damage.
Multiple vulnerabilities are reported in Solaris which could be
exploited by a local attacker to disclose sensitive information and cause partial denial of
service conditions (partial DoS) on the targeted system.
Remediation: Apply the source code fix as mentioned in the link:
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html
Drupal has released an advisory to address several vulnerabilities in
Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to
take control of an affected system.
US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade
to version 7.56 or 8.3.4.
Cisco has released updates to address several vulnerabilities
affecting multiple products. A remote attacker could exploit one of these vulnerabilities to
take control of a system.
US-CERT encourages users and administrators to review the following Cisco Security
Advisories and apply the necessary updates:
(a) Prime Infrastructure and Evolved Programmable Network Manager XML Injection
Vulnerability cisco-sa-20170621-piepnm1
(b) Virtualized Packet Core – Distributed Instance Denial-of-Service Vulnerability
cisco-sa-20170621-vpc
(c) WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities
cisco-sa-20170621-wnrp
Multiple information disclosure vulnerabilities exist in the Microsoft
Windows Graphics Component due to Windows kernel issues related to improper initialization
of objects in memory or improper handling of objects in memory. A remote attacker could
successfully exploit these vulnerabilities by running arbitrary code in kernel mode, which
could then allow the attacker to install programs; view, change, or delete data; or create
new accounts with full user rights.
In order to exploit these vulnerabilities, a remote attacker would first have to log on to
the system and then run a specially crafted application that could exploit these
vulnerabilities and take control of an affected system.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Bulletin.
Multiple memory corruption vulnerabilities exist in Microsoft Edge
due to improper handling of objects in memory. An attacker could exploit these
vulnerabilities by convincing a user to open or visit a specially crafted web page.
Successful exploitation of this vulnerability could allow a remote attacker to execute
arbitrary code with the privileges of the currently logged-in user.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
A memory corruption vulnerability has been discovered in Shockwave.
This vulnerability is caused by insufficient validation of the data inside the "rcsL"
atom, which could be exploited by a remote attacker to execute arbitrary code on an
affected system via a crafted DIR file.
Successful exploitation of these vulnerabilities could allow a remote attacker to disclose
sensitive information or execute arbitrary code on the targeted system in the context of
the affected application.
Remediation: Apply appropriate updates as mentioned in the Adobe Security Bulletin
APSB17-18
Several malicious internet worms have been reported that target embedded/Internet of
Things ("IoT") IP cameras from various OEMs and spread by scanning the public internet for
devices running with insecure default credentials or inherent security weaknesses.
A remote attacker can completely control the vulnerable device, remotely control the
camera operations, view the video feeds, and upload and download files from
attacker-controlled remote servers. Additionally, these compromised devices can also be
used for DDoS or other malicious activities, leading to full loss of confidentiality,
integrity and availability, depending on the actions of the attacker.
These successors of the IoT Mirai botnets [dubbed Persirai, TheMoon, DvrHelper, Hajime]
leverage default insecure user credentials, hidden functionalities, missing
authorizations, command injection vulnerabilities and UPnP protocols in the device
firmware to own the devices and spread further.
Remediation:
> Review IoT devices [home Internet routers, DVRs, IP cameras] to ensure
they support the latest security protocols and standards and disable older insecure
protocols. Check the vendors' websites for updates and patches.
> Run updates and contact manufacturers to confirm devices are patched with the latest
software and firmware.
> Change the default OEM credentials and ensure that passwords meet the minimum
complexity.
> Disable Universal Plug and Play (UPnP) unless absolutely necessary.
> Implement account lockout policies to reduce the risk of brute-force attacks.
> Telnet and SSH should be disabled on the device if there is no requirement for remote
management.
> Configure VPN and SSH to access the device if remote access is required.
> Configure certificate-based authentication for the telnet client for remote management of
devices.
> Implement egress and ingress filtering at router level.
> Unnecessary ports and services should be stopped and closed.
> Logging must be enabled on the device to log all activities.
> Enable and monitor perimeter device logs to detect scan attempts towards critical
devices/systems.
The Internet Systems Consortium (ISC) has released updates that
address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities
to take control of an affected system.
Samsung Magician fails to securely check for and retrieve updates,
which can allow an authenticated attacker to execute arbitrary code with administrator
privileges.
Mozilla has released a security update to address multiple
vulnerabilities in Thunderbird. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Google has released Chrome version 59.0.3071.104 for Windows, Mac,
and Linux. This version addresses several vulnerabilities, including one that an attacker
could exploit to cause a denial-of-service condition.
Multiple vulnerabilities have been reported in Microsoft Outlook
which could allow an attacker to bypass security restrictions and execute arbitrary code on
the targeted system.
Multiple information disclosure vulnerabilities have been reported
in the Microsoft Windows kernel which could allow a local authenticated user to gain access
and disclose sensitive information from the target system.
Microsoft has released updates to address vulnerabilities in
Microsoft software. A remote attacker could exploit some of these vulnerabilities to take
control of a system.
Mozilla has released security updates to address multiple
vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in
Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker
could exploit some of these vulnerabilities to take control of an affected system.
The purpose of this advisory is to bring attention to a recently
discovered vulnerability to Rockwell Automation PanelView Plus 6 700-1500 graphic terminals
and logic module products.
Remediation: System administrators should test and deploy the vendor-released firmware
updates that address this vulnerability at their earliest convenience:
V7.00: Apply V7.00-20150209
V8.00: Apply V8.00-20160418
V8.10: Apply V8.10-20151026 or later
V8.20: Apply V8.20-20160308 or later
V9.00: Apply V9.00-20170328 or later
The purpose of this advisory is to bring attention to a security
advisory released by VMware.
Remediation: System administrators should test and deploy the vendor-released updates on
affected platforms accordingly.
Samba has released version 4.7.5 that contains security fixes to
address a vulnerability. Exploitation of this vulnerability could allow a malicious client
to upload a shared library to a writable share, and then cause the server to load and
execute it.
An emerging sophisticated campaign uses multiple malware implants.
Initial victims have been identified in several sectors, including Information Technology,
Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
Remediation: Multiple defensive techniques and programs should be adopted and
implemented in a layered approach to provide a complex barrier to entry, increase the
likelihood of detection, and decrease the likelihood of a successful compromise. This
layered mitigation approach is known as defense-in-depth.
Applications developed using the Portrait Display SDK, versions 2.30
through 2.34, default to insecure configurations which allow arbitrary code execution.
Remediation: Apply an update. Ensure that affected applications are updated to the
most recent versions. Portrait Displays has provided a patch for affected applications.
The IBM Lotus Domino server IMAP service contains a stack-based
buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow
a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino
server.
Remediation: Apply an update. This issue is addressed in IBM Domino 9.0.1 Fix Pack 8
Interim Fix 2, and 8.5.3 Fix Pack 6 Interim Fix 17. Please see the IBM Security Bulletin for
more details.
The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS
connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Remediation: Apply an update. Pandora has released iOS app version 8.3.2 which
addresses this issue. Affected users should update their Pandora app as soon as possible.
Many organisations use HTTPS interception products for several purposes, including detecting
malware that uses HTTPS connections to malicious servers.
Remediation: Organizations using an HTTPS inspection product should verify that their
product properly validates certificate chains and passes any warnings or errors to the
client.
D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a
stack-based buffer overflow vulnerability in the web administration interface HNAP service.
Other models may also be affected.
Remediation: The vendor has publicly disclosed the issue along with beta firmware
releases (versions 1.14B07 h2ab BETA1 and 2.07B05 h1ke BETA1, depending on the device's
hardware revision).
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized
users, which may enable any authenticated user to gain full access to privileged database
functions.
Remediation: Apply an upgrade. The vendor has indicated that XRT Treasury version 4
addresses this issue. Users are encouraged to update to the latest release and to encrypt
connections to the database server.
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may
allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable
system.
Remediation: Apply an update. This issue is addressed in Microsoft Security Bulletin
MS17-012.
The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote,
unauthenticated attacker to execute arbitrary code on a vulnerable Windows system.
Remediation: Apply an update. Cisco has addressed this vulnerability in the Chrome web
browser extension version 1.0.7.
ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to
properly validate SSL certificates provided by HTTPS connections, which may enable an
attacker to conduct man-in-the-middle (MITM) attacks.
Remediation: Apply an update. ShoreTel has released version 9.1.5.104 for all devices
to address the vulnerability.