CVE-2022-37301
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
KB5021653: Out-of-band update for Windows Server 2012 R2: November 17, 2022
KB5021653: Out-of-band update for Windows Server 2012 R2: November 17, 2022 Summary This update includes improvements for the following issue: Addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of th...
November 17, 2022—KB5021655 (OS Build 17763.3653) Out-of-band
November 17, 2022—KB5021655 OS Build 17763.3653 Out-of-band 10/11/22 REMINDER As of September 20, 2022, there are no more optional, non-security preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update Tuesday release...
KB5021657: Out-of-band update for Windows Server 2008 SP2: November 17, 2022
KB5021657: Out-of-band update for Windows Server 2008 SP2: November 17, 2022 Summary This update includes improvements for the following issue: Addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of t...
November 17, 2022—KB5021656 (OS Build 20348.1251) Out-of-band
November 17, 2022—KB5021656 OS Build 20348.1251 Out-of-band 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B”...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2767)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enabl...
High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerabili...
Multiple vulnerabilities in OMRON products
Overview Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. Use of Hard-coded Credentials (CWE-798) ...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
Aruba Networks ArubaOS Input Validation Error Vulnerability
Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to an input validation error. The vulnerability can be exploited to interrupt the normal operation of the affected access poin...
Siemens Web Server Login Page of Industrial Controllers
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINUMERIK ONE and SINUMERIK MC Insufficiently Protected Credentials (CVE-2022-38465)
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...
CVE-2022-37908
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller...
CVE-2022-37908
CVE-2022-37908 affects ArubaOS bootloader on Aruba 7xxx series controllers. The root cause, as described in connected sources, is a bootloader integrity issue that allows an authenticated attacker to impact the integrity of the bootloader and, consequently, compromise the hardware chain of trust ...
CVE-2022-37907
ArubaOS bootloader on 7xxx series Mobility Controllers is affected by a DoS vulnerability that can cause a system hang requiring a power cycle. The issue stems from the bootloader and impacts availability (CVE-2022-37907). The public description consistently states DoS as the outcome; explicit ex...
CVE-2022-37907
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller...
CVE-2022-37905
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...
CVE-2022-37905
CVE-2022-37905 affects ArubaOS on 7xxx series controllers. The embedded OS vulnerability enables an attacker to execute arbitrary code during the boot sequence, potentially causing permanent modification of the underlying operating system. Documents corroborate this boot-time code execution risk ...