Mozilla has released a security update to address multiple vulnerabilities in Thunderbird.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
VMware ESXi, Workstation and Fusion updates address multiple security vulnerabilities.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux.
This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products.
A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information. The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). Remediation: Affected users and system administrators are encouraged to disable TLS RSA ciphers if possible.
A vulnerability was reported in Adobe Flash Player. Security settings may be reset.
Remediation: Microsoft has issued a fix for CVE-2017-11305. The Microsoft advisory is available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170022
Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.
Remediation: Fixes have been implemented in WordPress 4.9.1.
Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for
Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities to take control of an affected system.
The United Kingdom's National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools
used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services
to protect against cybersecurity threats.
Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products:
Management Engine, Server Platform Services, and Trusted Execution Engine.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Symantec has released an update to address a vulnerability in the Symantec Management Console.
A remote attacker could exploit this vulnerability to take control of an affected system.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability in
Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10.
A remote attacker could exploit this vulnerability to take control of an affected system.
Cisco has released a security update to address a vulnerability in its Voice Operating System software platform.
Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5.
An attacker could exploit these vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in Flash Player,
Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player,
and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote
attacker to take control of an affected system.
Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications.
Exploitation of this protocol may allow an attacker to take control of an affected system
Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities.
A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely.
Cisco has released updates to address vulnerabilities affecting multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A vulnerability was reported in Apache HTTPD on Red Hat Enterprise Linux. A remote user can bypass security controls on the
target system. The system may not properly parse comments in the 'Allow' and 'Deny' configuration lines. As a result, a remote
user may be able to access an ostensibly restricted HTTP resource. Remediation: Red Hat has issued a fix.
A remote attacker may be able to recover the RSA private key from a victim's public key,
if it was generated by the Infineon RSA library. Remediation: Apply appropriate updates.
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities.
Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.
Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Remediation: Apply appropriate patches.
Severe vulnerabilities have brought all modern secure WiFi networks under serious threat. Researchers have unearthed flaws in WPA2 protocol implementation in
WiFi Clients and Wireless Access points (APs).
Remediation: Apply appropriate updates from OEMs on all WiFi devices frequently, e.g. the OS of clients (systems/phones)
and the firmware of APs. Security updates will ensure a key is only installed once, and are therefore likely to
prevent a possible attack.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
It has been intimated that several high-volume FormBook malware distribution campaigns were observed primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months.
Dubbed FormBook, the data-stealing malware is distributed using different methods; it steals clipboard contents, logs keystrokes and extracts data from HTTP sessions.
Remediation: Since FormBook targets Windows devices, it is high time for high-profile institutions to either upgrade their Windows OS to the latest version or move to a secure one. Moreover, don't open any unknown or suspicious emails, don't click links in an anonymous email, and avoid downloading attachments from email addresses you are not familiar with.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
In this release, Microsoft has resolved three publicly disclosed issues, one of which has been actively exploited in the wild. The Windows zero day
vulnerability is a memory corruption vulnerability in Microsoft Office (CVE-2017-11826). According to Microsoft, the Windows zero day could allow remote code execution by an attacker and affects programs in Office 2007, 2010, 2013 and 2016. Remediation: It is recommended to apply the available patches for the above vulnerabilities.
A vulnerability in Siemens 7KT PAC1200 data manager could allow an unauthenticated, remote attacker to bypass authentication mechanisms and perform unauthorized administrative actions on a targeted system.
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information.
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.
Remediation: Users of the affected versions should apply the mitigations provided at "http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3cf7229e11-5e8d-aa00-ff22-f0a795669010@apache.org%3e"
Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.
Remediation: Version 2.78 has been released to address these vulnerabilities.
A vulnerability in Linux Kernel could allow a local attacker to gain elevated privileges on a targeted system.
Remediation: The vendor has issued a source code fix.
Multiple vulnerabilities were reported in Apple iOS. A remote user on the wireless network can obtain potentially sensitive information and execute arbitrary code. A remote user can cause denial of service conditions on the target system. A remote user can spoof the address bar. A remote user can conduct cross-site scripting attacks.
Remediation: The vendor has issued a fix (11.0).
Several vulnerabilities were reported in Apple Safari. A remote user can execute arbitrary code on the target system. A remote user can spoof the address bar. A remote user can conduct cross-site scripting attacks. Remediation: The vendor has issued a fix (11.0).
A vulnerability was reported in IBM WebSphere Portal. A remote user can view files on the target system.
Remediation: IBM has issued a fix (APAR PI87495).
Successful exploitation of these vulnerabilities could lead to a malicious attacker escalating his or her privileges or assuming the identity of an authenticated user and obtaining sensitive data.
Remediation: Hikvision has released updates to mitigate the improper authentication vulnerability in cameras sold through authorized distributors. Hikvision has not mitigated the password in configuration file vulnerability.
Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information.
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information.
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been reported in Microsoft Windows, which could be exploited by an attacker to obtain sensitive information, execute code remotely, conduct spoofing, and bypass certain security features to gain elevated privileges on the targeted system.
Remediation: Apply appropriate patch as mentioned in Microsoft Security Bulletin
Multiple vulnerabilities have been reported in Microsoft Edge, which could be exploited by an unauthenticated remote attacker to obtain sensitive information, execute code remotely, conduct spoofing, bypass security features, and gain elevated privileges on the targeted system.
Remediation: Apply appropriate Patches.
Multiple memory corruption vulnerabilities have been reported in Adobe Flash Player which could allow a remote attacker to execute arbitrary code on the targeted system.
Remediation: Apply appropriate security updates
Multiple vulnerabilities have been reported in Microsoft Edge, which could be exploited by an unauthenticated remote attacker to obtain sensitive information, execute code remotely, conduct spoofing, bypass security features, and gain elevated privileges on the targeted system.
Remediation: Apply appropriate Patches.
VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
A vulnerability has been reported in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points which could be exploited by a remote attacker to gain unauthenticated complete control of an affected device.
Remediation: Apply appropriate updates.
A vulnerability has been reported in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) that can be exploited to allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to sensitive information on an affected system.
Remediation: Apply appropriate updates.
A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device.
Remediation: 1. Apply an update. 2. Disable Bluetooth on your device.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
Google has released Chrome version 61.0.3163.79 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.
Successful exploitation of this vulnerability may allow an attacker to access various resources.
Remediation: Siemens provides fixes and recommends users upgrade to the newest version.
Successful exploitation of these vulnerabilities could allow an attacker to hijack existing web sessions. Siemens reports that the vulnerabilities affect the LOGO!8 BM: All versions.
Remediation: Siemens provides LOGO!8 BM FS-05 with firmware Version V1.81.2, which fixes the first vulnerability. Siemens also recommends applying the suggested mitigations for users with existing installations, and for mitigation of the second vulnerability.
Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected component that may require a manual restart of the main device to recover.
Remediation: Siemens provides firmware Version V2.1.3 [1] for 7KM PAC Switched Ethernet PROFINET expansion modules, which fixes the vulnerability, and recommends users to update to the new fixed version.
Successful exploitation of these vulnerabilities could allow an unauthorized user to create an account on the device or access the device's database.
Remediation: OPW have issued "Service Bulletin 462" and a letter to users to inform them of the availability of free upgrades (firmware Version 17Q2.1) to mitigate these vulnerabilities.
Successful exploitation of this vulnerability could allow an unauthenticated user to access SoftCMS Live Viewer without knowing the user's password.
Remediation: Moxa has provided software update Version 1.7 for SoftCMS Live Viewer which fixes this vulnerability.
The vulnerability, if exploited, could lead to the disclosure of confidential data, denial of service (DoS), spoofing of a request from an upstream device, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Remediation: ALC applications should always be installed and maintained in accordance with the provided guidelines.
A smartphone is a mobile phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access,
and an operating system capable of running downloaded apps. Users rarely secure their mobile devices, making them a target-rich environment
for malware.
Remediation: Users need to follow best practices while using smartphones.
Successful exploitation of these vulnerabilities may allow a nearby attacker to gain unauthorized access to a pacemaker and issue commands, change settings, or otherwise interfere with the intended function of the pacemaker.
Remediation: Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Successful exploitation of these vulnerabilities could allow authenticated system users to escalate their privileges and modify or replace application files.
Remediation: According to AzeoTech, the newest version (Version 17.1) gives write privileges only to administrators and no longer searches for dlls outside of the application directory.
Successful exploitation of these vulnerabilities may allow remote code execution or unauthorized access and could cause the device that the attacker is accessing to crash.
Remediation: Advantech has released a new version of WebAccess to address the reported vulnerabilities.
This vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users.
Remediation: Apply Appropriate Update.
This vulnerability is due to a design defect in the extension. A remote user can create specially crafted web content that, when loaded by the target user, will trigger input validation flaws in the Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox on Windows-based systems and execute arbitrary code on the target user's system.
Remediation: Apply Appropriate Update.
A vulnerability has been reported in IBM WebSphere Application server which could be exploited by a
remote attacker to access sensitive information on the target system.
Remediation: Apply Appropriate Update.
Successful exploitation of these vulnerabilities could allow a remote attacker to obtain hard-coded cryptographic keys, hard-coded credentials, or trick a user into submitting a malicious request, resulting in the attacker gaining unauthorized access to the device and running arbitrary code.
Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to execute code on an affected system or cause an affected system to crash and reload.
The Federal Communications Commission (FCC) of USA has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC.
These best practices help prevent exploitation of Signaling System 7 (SS7) network infrastructure, a signaling protocol that connects communication networks.
Successful exploitation of this vulnerability could cause an attacker to gain read access to system files through directory traversal.
Remediation: SpiderControl has produced a new version of the software (Version 2.02.0100)
Successful exploitation of this vulnerability could allow an attacker to gain access to the system, manipulate system files, and potentially render the system unavailable.
Remediation: SpiderControl has produced a new version of the software (Version 1.6.40.148).
Successful exploitation of these vulnerabilities could allow an authenticated user to elevate his or her privileges to execute arbitrary code on the system.
Remediation: ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.
On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation: Apply Necessary Updates.
Philips has identified Hard-coded Credentials and Cleartext Storage of Sensitive Information vulnerabilities in Philips’ DoseWise Portal (DWP) web application. Philips has updated product documentation and produced a new version that mitigates these vulnerabilities.
These vulnerabilities could be exploited remotely.
Remediation: Philips is scheduled to release a new product version and supporting product documentation in August 2017.
It has been reported that a few recent versions of NetSarang's network connectivity and server management software suites were allegedly modified and included a malicious backdoor module which provides flexible remote control capabilities to an adversary
in the victim network.
Remediation: The vendor advises updating to the latest builds, which are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
Remediation: Apply the necessary updates
Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information.
Remediation: Apply Security Updates
A vulnerability has been reported in Juniper Junos by which a network-based attacker with unauthorized access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet.
Workaround:
1. Disable SNMP (disabled by default).
2. Utilize edge filtering with source-address validation (uRPF, etc.).
3. Access control lists (ACLs).
4. SNMP v3 authentication to limit access.
Multiple vulnerabilities have been reported in Adobe Flash Player which could allow a remote attacker to execute arbitrary code and
bypass security controls on the affected system which could lead to information disclosure.
Remediation: Apply appropriate updates
Multiple vulnerabilities have been reported in Microsoft Windows which could be exploited by a remote attacker to cause Denial of Service (DoS), obtain potentially sensitive information and execute arbitrary code on the targeted system.
Remediation: Apply appropriate software fixes
Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
Remediation: Apply necessary patches
Multiple vulnerabilities have been reported in Microsoft Internet Explorer that could allow a remote attacker to bypass security restrictions and execute arbitrary code on the targeted system.
Remediation: Apply appropriate patches
A vulnerability has been reported in Microsoft SharePoint Server which could allow a remote attacker to perform a cross-site scripting attack on the targeted system.
Remediation: Apply appropriate security updates
Multiple vulnerabilities have been reported in Microsoft Edge which could allow a remote attacker to execute arbitrary code, bypass security restrictions, gain elevated privileges or obtain sensitive information of the targeted system.
Remediation: Apply appropriate patches
A vulnerability has been reported in Microsoft SQL Server which could allow a remote authenticated attacker to obtain sensitive information on the targeted system.
Remediation: Apply Appropriate Updates.
Successful exploitation of this vulnerability may allow arbitrary code execution.
Remediation: Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.
Successful exploitation of this vulnerability may allow arbitrary code execution.
Remediation: Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
Remediation: SIMPlight has not responded to requests to work with NCCIC/ICS-CERT to mitigate this vulnerability.
Successful exploitation of this vulnerability could allow an attacker to cause a crash of the device's Wi-Fi module resulting in a denial-of-service condition affecting the Wi-Fi module chipset. This does not affect the device's ability to deliver therapy.
Remediation: This vulnerability has been addressed in devices released after July 1, 2017. For devices released prior to July 1, 2017, BMC Medical and 3B Medical offer no mitigations.
Successful exploitation of this vulnerability could cause the target device to crash and may allow arbitrary code execution.
Remediation: Advantech was unable to verify the validity of this vulnerability. ZDI recommends that this product be restricted to interact with trusted files only.
Multiple vulnerabilities have been reported in Adobe Acrobat and Reader which could allow a remote attacker to execute arbitrary code and bypass security controls on the target system.
Remediation: Apply appropriate security updates
An attacker who successfully exploits this vulnerability could access files on the affected products' file systems, view data, change configuration, retrieve password hash codes, and potentially insert and send commands to connected devices without authorization.
Remediation: Install necessary patch
Successful exploitation of these vulnerabilities could allow remote code execution or cause the software that the attacker is accessing to crash. The improper privilege management vulnerability could allow an attacker with local access to escalate privileges.
Remediation: Fuji Electric has released a new version of Monitouch V-SFT, Version 5.4.43.0, to fix these vulnerabilities.
Multiple vulnerabilities have been reported in Adobe Flash Player which could allow a remote attacker to execute arbitrary code and obtain potentially sensitive information on the target system.
Remediation: Apply appropriate security updates
Juniper Networks has released a security advisory that addresses a vulnerability in Junos OS. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
Remediation: The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D65 12.3X48-D40 14.2R8 15.1F7 15.1R5 15.1X49-D70 15.1X53-D47 16.1R4 16.2R2 17.1R1, and all subsequent releases.
A vulnerability has been reported in multiple Red Hat products which could allow an unauthenticated, remote attacker to access sensitive information.
Remediation: Apply Appropriate Updates
A vulnerability has been reported in Linux Kernel NFS Server which could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system.
Remediation: Apply Appropriate Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation: Apply necessary updates
Successful exploitation of this vulnerability may allow an attacker to execute code from a malicious DLL on the affected system with the same privileges as the application that loaded the malicious DLL.
Remediation: Moxa has provided software update Version 3.4 for SoftNVR-IA Live Viewer which fixes this vulnerability.
Successful exploitation of these vulnerabilities could allow an unauthorized attacker to gain privileged access to the system. An attacker may also be able to store a malicious script in the application database.
Remediation: OSIsoft recommends that users update their software at the earliest opportunity.
Siemens is warning customers that some of its CT and PET scanning machines have a pair of remotely exploitable vulnerabilities that attackers can use to execute arbitrary code.
Successful exploitation of this vulnerability may allow arbitrary code execution.
Remediation: Schneider Electric recommends that users update to the latest software Version 4.07.100 or newer
Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to execute arbitrary code, bypass security restrictions, access sensitive information, conduct URL spoofing attacks, or cause denial of service (DoS) conditions on the targeted system.
Remediation: Upgrade to Google Chrome version 60.0.3112.78
Successful exploitation of these vulnerabilities can result in corruption of sensitive information, system crash, denial of service, and arbitrary code execution.
Remediation: Mitsubishi recommends the following actions to mitigate these vulnerabilities:
1. Use E-Designer in a safe, firewalled network.
2. Replace E-Designer HMIs with interfaces built with Mitsubishi's new product, GT Works. E-Designer has been discontinued.
Exploitation of these vulnerabilities may allow a remote attacker to compromise the Trio TView Management Suite.
Remediation: The Java Runtime Environment 1.8.0u131 is provided with TView Version 3.29.0 and is not affected by these vulnerabilities.
Multiple vulnerabilities have been reported in Microsoft Office Outlook, which could be exploited by an attacker to obtain sensitive information or execute remote commands on the targeted system.
Remediation: Apply appropriate patches
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code. Remediation: Continental has validated the reported vulnerabilities but has not yet identified a mitigation plan.
Successful exploitation of these vulnerabilities could allow an attacker to transmit fraudulent data or perform a denial of service.
Remediation: Mirion Technologies recommends that users of 900 MHz devices compare data received with expected results and past results. Inconsistencies could indicate the presence of an interfering device.
Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access to the affected system and to issue unexpected commands to impact the intended operation of the system.
Remediation: PDQ Manufacturing, Inc. ("PDQ") has validated the vulnerabilities and is developing product fixes for the affected systems.
Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Remediation: Apply necessary updates
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.
Remediation: Install Updates.
McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Remediation: Apply necessary updates
Multiple vulnerabilities have been reported in Joomla, which could be exploited by a remote attacker to perform cross-site scripting (XSS) attacks or access sensitive information on the targeted system.
Remediation: Upgrade to Joomla version 3.7.4.
Multiple vulnerabilities have been reported in various Oracle products, which could be exploited by an attacker to disclose sensitive information, gain elevated privileges or cause Denial of Service (DoS) conditions on the targeted system.
Remediation: Apply appropriate patches as mentioned in Oracle Security Advisory.
Multiple vulnerabilities have been reported in various Oracle products, which could be exploited by a remote attacker to cause denial of service conditions via the network, disclose system information and user information, modify system information and user information, and gain user access via the local system and via the network.
Remediation: Apply appropriate patches as mentioned in Oracle Security Bulletin issue. All affected users should update their firmware as soon as possible.
Multiple vulnerabilities have been reported in IBM Tivoli Enterprise Portal Server, which could be exploited by an attacker to execute arbitrary code, modify data and obtain elevated privileges on the target system.
Remediation: Apply appropriate patches.
The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
Remediation: Apply an Update.
Google has released Chrome version 60.0.3112.78 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.
Remediation: Apply an Update.
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service on the device due to a buffer overflow condition.
Remediation: Because this is a hardware vulnerability, there are no software workarounds available.
A vulnerability has been reported in Gnome Files which could allow a local attacker to compromise the target system without further user interaction.
Remediation: Apply source code fix.
Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. A third-party security research firm has identified two security vulnerabilities in the client software.
IBM has released a security update to address some vulnerabilities in its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.
Remediation: Apply necessary updates
Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system.
Remediation: Apply necessary updates
Successful exploitation of these vulnerabilities could allow an attacker to perform actions on behalf of a legitimate user, perform network reconnaissance, or gain access to resources beyond those intended with normal operation of the product.
Multiple vulnerabilities have been reported in Google Android which could allow a remote attacker to obtain elevated privileges or execute arbitrary code on the targeted system.
Remediation: Contact the device vendor or manufacturer for appropriate over-the-air updates.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
Remediation: Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue. All affected users should update their firmware as soon as possible. If you have any questions, you may contact cybersecurity@dahuatech.com.
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to enter a Denial-of-Service (DoS) condition.
Remediation: Rockwell Automation recommends updating to the latest firmware revision of MicroLogix 1100 controllers, Version FRN 16.0 or later
Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to privileged information.
Remediation: ABB recommends that users update firmware to version 1.9.0 or newer for WiFi Logger Card, and version 2.2.5 or newer for WiFi Logger Card for React.
Multiple vulnerabilities have been reported in Microsoft Windows, which could be exploited by an attacker to obtain sensitive information, execute code remotely, bypass security features and gain elevated privileges on the targeted system.
Remediation: Apply the appropriate patch as mentioned in the Microsoft Security Guidance
(https://portal.msrc.microsoft.com/en-us/security-guidance)
Multiple vulnerabilities have been reported in Apache HTTP Server, which could allow a remote attacker to cause Denial of Service (DoS) and access sensitive information on a targeted system.
Remediation: Apply appropriate updates as mentioned at the following link: http://httpd.apache.org/download.cgi
Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Juniper’s Security Bulletin and update all affected ScreenOS versions.
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to the server to perform administrative operations.
Remediation: Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version.
Successful exploitation of these vulnerabilities could allow an attacker in a privileged network position to read and modify data within a Transport Layer Security (TLS) session.
Remediation: Siemens has released SIMATIC WinCC Sm@rtClient V1.0.2.2 for Android to address these vulnerabilities and recommends updating as soon as possible.
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.
A vulnerability exists in Microsoft Common Object Runtime Library due to improper handling of web requests. An unauthenticated remote attacker could exploit this vulnerability by injecting specially crafted web requests into the .NET application to cause a denial of service (DoS) condition on the targeted system.
Remediation: Apply appropriate update as mentioned in the Microsoft Security Guidance. (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585)
Multiple vulnerabilities have been reported in Microsoft Edge which could allow a remote attacker to bypass the same-origin policy, spoof content and execute arbitrary code on the target system.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance at the link: https://portal.msrc.microsoft.com/en-us/security-guidance
Multiple vulnerabilities have been reported in Microsoft Office that could allow a remote attacker to execute arbitrary code and gain elevated privileges on the target system.
Remediation: Apply appropriate software fixes as available on the vendor website.
Multiple vulnerabilities have been reported in Microsoft Internet Explorer that could allow a remote attacker to bypass security restrictions, spoof content and execute arbitrary code on the targeted system.
Remediation: Apply appropriate updates as mentioned in the Microsoft Security Bulletins.
Successful exploitation of this vulnerability may allow access to the PI System resulting in unauthorized viewing or alteration of PI System data.
Remediation: OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
Successful exploitation of this vulnerability could allow attackers to cause a denial of service of the SIMATIC Logon Remote Access service under certain conditions.
Remediation: Siemens created a software upgrade V1.6 for SIMATIC Logon which fixes the vulnerability, and they recommend users upgrade to the newest version.
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
Successful exploitation of this vulnerability could compromise credentials used to connect to third party databases or compromise credentials of Ampla users configured with Simple Security.
Remediation: Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. Software updates can be downloaded from Schneider Electric’s Ampla Support “Shopping Kiosk” area or from the link: http://shoppingkiosk.schneider-electric.com/doc_info.aspx?DocRef=Ampla2016R1Software&isdvd=False&df=12&gid=411131
Successful exploitation of these vulnerabilities could allow a remote attacker to execute code or cause a denial of service.
Remediation: Schneider Electric recommends that users of any Wonderware, Avantis, SimSci, or Skelta product that installs the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior should apply the Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 as soon as possible.
Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an attacker access to sensitive information, or allow an attacker to perform administrative functions.
Remediation: Siemens provides updates and recommends users update to the latest version
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive device information, circumvent authentication, and perform administrative actions.
Remediation: Siemens has released a new firmware version (V4.29.01) to address these vulnerabilities. It can be found at the SIPROTEC 4 downloads area at the following Siemens web site: http://www.siemens.com/downloads/siprotec-4
Joomla! has released version 3.7.3 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.
A new variant of Petya ransomware, also known as Petrwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused using the EternalBlue exploit.
Ransom.Haknata is a Trojan horse that encrypts files on the compromised computer and demands a payment to decrypt them.
Remediation: Run a full system scan. If that does not resolve the problem, you can try one of the options available at the link https://www.symantec.com/security_response/writeup.jsp?docid=2017-070415-3657-99&tabid=3
OZW672 and OZW772 devices are affected by two vulnerabilities, which could allow attackers to read and write historical measurement data under certain conditions, or to read and modify data in TLS sessions.
Remediation: Siemens recommends that customers apply specific mitigations.
Successful exploitation of this vulnerability could allow a remote attacker to upload and execute arbitrary code.
Remediation: Siemens recommends the following mitigations until patches can be applied:
> Protect access to Port 443/TCP and Port 80/TCP of the affected product with appropriate measures.
> Disable Port 80/TCP and use TLS client certificates (PKI) to access Port 443/TCP.
> Apply Defense-in-Depth.
A remote attacker can gain system privileges by exploiting this vulnerability.
Remediation: Siemens strongly recommends users protect network access to the non-perimeter industrial products with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.
A successful exploit of these vulnerabilities could allow an attacker to execute arbitrary commands or compromise the confidentiality, integrity, and availability of the system.
Remediation: Schneider Electric says a firmware update, which includes fixes for these vulnerabilities, is scheduled to be available for download by the end of August.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
> Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
> Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
> When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
Multiple vulnerabilities have been reported in Red Hat JBoss which could allow a remote attacker to bypass security restrictions or obtain sensitive information.
Remediation: Apply appropriate patches as mentioned by the vendor at the link:
https://access.redhat.com/errata/RHSA-2017:1549
The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organizations that use digital identity services.
Attacks on SCADA systems are on the rise, and it is possible that many infiltrated systems have gone undetected. Cyber criminals often infect systems and silently monitor traffic, observe the activities and wait for months or even years before taking any action. This allows them to strike when they can cause the maximum damage.
Multiple vulnerabilities are reported in Solaris which could be exploited by a local attacker to disclose sensitive information and cause partial denial of service conditions (partial DoS) on the targeted system.
Remediation: Apply the source code fix as mentioned in the link:
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html
Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.
Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
(a) Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability cisco-sa-20170621-piepnm1
(b) Virtualized Packet Core – Distributed Instance Denial-of-Service Vulnerability cisco-sa-20170621-vpc
(c) WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities cisco-sa-20170621-wnrp
Multiple information disclosure vulnerabilities exist in the Microsoft Windows Graphics Component due to the Windows kernel's improper initialization of objects in memory or improper handling of objects in memory. A remote attacker could successfully exploit these vulnerabilities by running arbitrary code in kernel mode, which could then allow the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
In order to exploit these vulnerabilities, a remote attacker would first have to log on to the system and then run a specially crafted application that could exploit these vulnerabilities and take control of an affected system.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Bulletin.
Multiple memory corruption vulnerabilities exist in Microsoft Edge due to improper handling of objects in memory. An attacker could exploit these vulnerabilities by convincing a user to open or visit a specially crafted web page.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the currently logged-in user.
Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance: https://portal.msrc.microsoft.com/en-us/security-guidance
A memory corruption vulnerability has been discovered in Shockwave. This vulnerability is caused by insufficient validation of the data inside the "rcsL" atom, which could be exploited by a remote attacker to execute arbitrary code on an affected system via a crafted DIR file.
Successful exploitation of these vulnerabilities could allow a remote attacker to disclose sensitive information or execute arbitrary code on the targeted system in the context of the affected application.
Remediation: Apply appropriate updates as mentioned in the Adobe Security Bulletin APSB17-18.
Several malicious internet worms targeting embedded/Internet of Things ("IoT") IP cameras from various OEMs have been reported; they spread by scanning the public internet for devices running with insecure default credentials or inherent security weaknesses.
A remote attacker can completely control the vulnerable device: remotely control the camera operations, view the video feeds, and upload and download files from attacker-controlled remote servers. Additionally, these compromised devices can be used for activities such as DDoS or other malicious activities, leading to full loss of confidentiality, integrity and availability, depending on the actions of the attacker.
These successors of the IoT Mirai botnet [dubbed Persirai, TheMoon, DvrHelper, Hajime] leverage default insecure user credentials, hidden functionalities, missing authorizations, command injection vulnerabilities, and UPnP protocols in the device firmware to take over the devices and spread further.
Remediation:
> Review IoT devices [home Internet routers, DVRs, IP cameras] to ensure they support the latest security protocols and standards, and disable older insecure protocols (check the vendors' websites for updates and patches).
> Run updates and contact manufacturers to confirm devices are patched with the latest software and firmware.
> Change the default OEM credentials and ensure that passwords meet the minimum complexity.
> Disable Universal Plug and Play (UPnP) unless absolutely necessary.
> Implement account lockout policies to reduce the risk of brute-force attacks.
> Telnet and SSH should be disabled on the device if there is no requirement for remote management.
> Configure VPN and SSH to access the device if remote access is required.
> Configure certificate-based authentication for the telnet client for remote management of devices.
> Implement egress and ingress filtering at the router level.
> Unnecessary ports and services should be stopped and closed.
> Logging must be enabled on the device to log all the activities.
> Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.
The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.
Samsung Magician fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.
Multiple vulnerabilities have been reported in Microsoft Outlook which could allow an attacker to bypass security restrictions and execute arbitrary code on the targeted system.
Multiple information disclosure vulnerabilities have been reported in the Microsoft Windows kernel which could allow a local authenticated user to gain access and disclose sensitive information from the target system.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The purpose of this advisory is to bring attention to a recently discovered vulnerability to Rockwell Automation PanelView Plus 6 700-1500 graphic terminals and logic module products.
Remediation: System administrators should test and deploy the vendor-released firmware updates that address this vulnerability at their earliest convenience:
V7.00: Apply V7.00-20150209
V8.00: Apply V8.00-20160418
V8.10: Apply V8.10-20151026 or later
V8.20: Apply V8.20-20160308 or later
V9.00: Apply V9.00-20170328 or later
The purpose of this advisory is to bring attention to a security advisory released by VMware.
Remediation: System administrators should test and deploy the vendor-released updates on affected platforms accordingly.
Samba has released version 4.7.5 that contains security fixes to address a vulnerability. Exploitation of this vulnerability could allow a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
An emerging sophisticated campaign uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
Remediation: Multiple defensive techniques and programs should be adopted and implemented in a layered approach to provide a complex barrier to entry, increase the likelihood of detection, and decrease the likelihood of a successful compromise. This layered mitigation approach is known as defense-in-depth.
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.
Remediation: Apply an update. Ensure that affected applications are updated to the most recent versions. Portrait Displays has provided a patch for affected applications.
The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server.
Remediation: Apply an update. This issue is addressed in IBM Domino 9.0.1 Fix Pack 8 Interim Fix 2, and 8.5.3 Fix Pack 6 Interim Fix 17. Please see the IBM Security Bulletin for more details.
The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Remediation: Apply an update. Pandora has released iOS app version 8.3.2 which addresses this issue. Affected users should update their Pandora app as soon as possible.
Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers.
Remediation: Organizations using an HTTPS inspection product should verify that their product properly validates certificate chains and passes any warnings or errors to the client.
D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected.
Remediation: The vendor has publicly disclosed the issue along with beta firmware releases (versions 1.14B07 h2ab BETA1 and 2.07B05 h1ke BETA1, depending on the device's hardware revision).
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
Remediation: Apply an upgrade. The vendor has indicated that XRT Treasury version 4 addresses this issue. Users are encouraged to update to the latest release and to encrypt connections to the database server.
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.
Remediation: Apply an update. This issue is addressed in Microsoft Security Bulletin MS17-012.
The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system.
Remediation: Apply an update. Cisco has addressed this vulnerability in the Chrome web browser extension version 1.0.7.
ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Remediation: Apply an update. ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability.