< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2056 articles · page 16 of 103

Cisco fixes CVE-2026-20182 SD-WAN Controller bypass

🔒 Cisco has released fixes for a maximum-severity authentication bypass in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) that it says has been exploited in limited attacks. The flaw allows a remote unauthenticated attacker to become an authenticated peer and obtain administrative privileges by abusing the peering authentication mechanism. Affected deployments include On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP); Cisco urges immediate patching and recommends auditing /var/log/auth.log for suspicious peering or publickey entries.
read more →

NGINX 18-Year Heap Overflow (CVE-2026-42945) Risks DoS/RCE

🔒 Researchers at DepthFirst AI found an 18-year-old heap buffer overflow in NGINX’s ngx_http_rewrite_module (CVE-2026-42945) that can cause denial of service and, under specific conditions, remote code execution. The flaw affects NGINX Open Source 0.6.27 through 1.30.0 and several F5-managed builds. Exploitation hinges on configurations using both rewrite and set directives and problems in the internal script engine’s two-pass handling of rewrites. Patches and mitigations are available, and F5 recommends replacing unnamed PCRE capture groups with named captures if immediate upgrades are not possible.
read more →

Fragnesia: New Linux Kernel LPE Emerging from Dirty Frag

🔒Fragnesia (CVE-2026-46300) is a newly disclosed Linux kernel local privilege escalation discovered by William Bowling of Zellic and the V12 team, with a working PoC published on May 13. The flaw permits unprivileged users to overwrite kernel page-cache contents of read-only files, enabling in-memory tampering that can spawn a root shell without touching disk. It stems from shared page fragment bookkeeping failures tied to ESP-in-TCP decryption behavior and is being mitigated by interim distro backports and module hardening.
read more →

Siemens Teamcenter vulnerabilities: patches and guidance

🔔 Siemens disclosed multiple vulnerabilities in Teamcenter that could affect availability, integrity, and confidentiality of affected installations. The vendor published patches across several builds and recommends administrators update to the indicated fixed versions (examples include V2312.0009, V2406.0006, V2412.0009, V2506.0005 and later). Identified issues include improper error checking (CWE-754), cross-site scripting (CWE-79), and hard‑coded credentials (CWE-798). CISA and Siemens advise minimizing network exposure, isolating control systems, applying vendor updates promptly, and following Siemens' industrial security guidance.
read more →

Siemens SIPROTEC 5 Session ID Randomness Vulnerability

⚠️ The Siemens SIPROTEC 5 series employs insufficiently random values for session identifiers on a subset of web endpoints, enabling an unauthenticated remote actor to brute-force and hijack valid sessions. Exploitation can permit limited read access to web server information without authorization. Siemens is preparing fixes and recommends updating to V11.0 or later where available, validating updates, and applying network protections such as segmentation, firewalls, and controlled remote access procedures.
read more →

Siemens Ruggedcom Rox: Multiple Critical Vulnerabilities

🚨 Siemens reports that Ruggedcom Rox devices prior to V2.17.1 contain numerous third‑party vulnerabilities and has released updated firmware; customers are urged to update immediately. The issues include uncontrolled recursion, integer underflow/overflow, multiple stack- and heap-based buffer overflows, use‑after‑free, improper input validation and path traversal, among others. Affected components include Das U‑Boot, QEMU emulation modules, Python email parsing, linux‑pam and other supporting libraries. Apply the vendor updates to mitigate risks such as denial of service, boot bypass or potential code execution.
read more →

Siemens routers and switches vulnerable to IPv4 DoS

⚠️ A null pointer dereference vulnerability has been identified in multiple Siemens networking and industrial routers and gateways when processing specially crafted IPv4 requests. Exploitation can cause a denial-of-service condition that forces affected devices to stop responding and disrupts networked control functions. Recovery requires a manual restart of the device. Affected product families include SCALANCE, SIMATIC, RUGGEDCOM and IE/PB link variants, spanning many router, switch, and gateway models.
read more →

Siemens SIMATIC S7 Web Server Cross-Site Scripting Risks

⚠ Siemens SIMATIC S7 PLC web servers contain multiple cross-site scripting (XSS) vulnerabilities in their web interfaces that could allow an authenticated user with rights to download TIA projects to inject malicious scripts. Affected pages include the Communication parameters, Motion Control Diagnostics, and Firmware Update pages, where names or filenames are not properly sanitized. Siemens has published updates for several affected firmware lines—update to V2.9.9 or V3.1.6 or later where available—and is preparing further fixes. CISA republished the advisory and recommends restricting project downloads and firmware update rights, isolating devices, and applying vendor updates or compensating controls.
read more →

Siemens SIMATIC HMI Vulnerability in Unified Panels

🔒 Siemens reports that SIMATIC HMI Unified Comfort Panels before V21.0 are vulnerable to an unauthenticated access issue that exposes the embedded web browser via the Control Panel help link when access protections are not applied. The flaw is attributed to insecure default initialization (CWE-1188) and carries a vendor CVSS v3 score of 7.7. Siemens recommends updating affected panels to V21 or later, disabling the taskbar, and following operational security guidance to enable Control Panel access protection and change runtime autostart settings.
read more →

Siemens ROS# Path Traversal Vulnerability — Update to 2.2.2

🔒 A path traversal flaw exists in the ROS# file_server prior to 2.2.2, allowing attackers to read and write arbitrary files accessible to the account running the service. The issue arises from improper input sanitization and is tracked as CWE-23 with a CVSS v3 score of 9.1. Siemens released 2.2.2 as the vendor fix and recommends immediate updates. Temporary mitigations include running the service only on trusted networks and with restricted user rights.
read more →

Siemens Ruggedcom Rox OS Command Injection Advisory

⚠️An input validation vulnerability in the Scheduler feature of Siemens Ruggedcom Rox devices allows an authenticated remote attacker to inject OS commands via the device's Web UI. Successful exploitation can execute arbitrary commands with root privileges on the underlying operating system. Siemens has released updates and recommends upgrading to V2.17.1 or later; CISA urges operators to apply the patch and implement network protections such as firewalls, isolation, and secure remote access.
read more →

Siemens gPROMS gWAP RCE Risk from Axios Prototype Pollution

🔒 Siemens reports that gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability stemming from a third‑party Axios prototype pollution "gadget" chain. The flaw can escalate prototype pollution in dependencies into arbitrary code execution or full cloud compromise (including possible AWS IMDSv2 bypass). Siemens has released V3.1.1 and recommends updating to the latest version, restricting network access, and following Siemens industrial security guidelines.
read more →

Siemens Ruggedcom Rox OS Command Injection Fix Released

⚠ An input validation vulnerability in the feature key installation process of Siemens Ruggedcom Rox allows an authenticated remote attacker to inject OS commands and achieve arbitrary code execution with root privileges. Siemens has released updates and advises customers to upgrade affected devices to V2.17.1 or later without delay. CISA and Siemens recommend isolating control networks, restricting access, and following Siemens' operational guidelines to reduce exposure.
read more →

Siemens Ruggedcom Rox Improper Access Control Flaw

⚠ The Siemens Ruggedcom Rox product contains an improper access control vulnerability in its web server JSON‑RPC interface that can allow an authenticated remote attacker to read arbitrary files on the underlying operating system with root privileges. Siemens has released updates and advises customers to upgrade to V2.17.1 or later. The issue is tracked as CWE-88 and CISA has republished the vendor advisory to increase visibility. Administrators should restrict network access and follow Siemens' operational security guidance.
read more →

Siemens Solid Edge SE2026 PAR Parsing Flaws, Update

⚠️ Siemens released an update fixing two PAR file parsing vulnerabilities in Solid Edge SE2026 that could allow application crashes or remote code execution. The flaws involve access of an uninitialized pointer (CWE-824) and a stack-based buffer overflow (CWE-121) when handling specially crafted PAR files. Update to V226.0 Update 5 or later and limit network exposure. CISA has republished the vendor advisory and urges organizations to apply the fix and follow recommended ICS security practices.
read more →

Universal Robots Polyscope 5 Command Injection Fix

⚠️ A critical OS command injection in the Dashboard Server of Universal Robots Polyscope 5 (CVSS 9.8) allows unauthenticated attackers to execute commands on the robot's operating system. Affected releases are versions prior to 5.25.1; the vendor has issued Polyscope 5 v5.25.1 as a corrective update. CISA advises immediate patching and network defenses including segmentation, firewalling, and limiting internet exposure.
read more →

CISA Adds New Entry to Known Exploited Vulnerabilities

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 2026-05-14 after confirming active exploitation. The agency warns that such vulnerabilities are common attack vectors and present significant risk to the federal enterprise. CISA directs organizations to follow Emergency Directive 26-03 and BOD 22-01 guidance, assess exposure, and apply mitigations or discontinue affected Cisco SD-WAN products if mitigations are not available.
read more →

Siemens Simcenter Femap Heap Overflow in IPT Files

⚠️ Simcenter Femap contains a heap-based buffer overflow in the Datakit library that can be triggered by specially crafted IPT files, causing memory corruption during parsing. If a user opens a malicious IPT file, an attacker could achieve remote code execution in the context of the running process. Siemens has released V2512.0003 or later to address the issue and recommends immediate updating; the flaw is tracked as CWE-122. CISA republished the vendor advisory to increase visibility and urges reducing network exposure and following Siemens' industrial security guidance.
read more →

Siemens Opcenter RDnL: ActiveMQ Artemis Authentication Flaw

🔒 Siemens reports that Opcenter RDnL is affected by a Missing Authentication for Critical Function in Apache ActiveMQ Artemis. An unauthenticated actor on an adjacent network can force a broker to open an outbound Core federation to an attacker-controlled broker, risking message injection and availability impacts. Siemens and Apache recommend updating to Apache Artemis 2.52.0 or later and applying mitigations such as Core interceptors, disabling Core on exposed acceptors, and enforcing two-way SSL.
read more →

Siemens SENTRON PAC1261 Request Smuggling Patch Advisory

🔒 The web server in Siemens SENTRON 7KT PAC1261 Data Manager (versions before V2.1.0) contains a request smuggling vulnerability in the Go net/http package that can expose authorization tokens and permit administrative takeover. Siemens has released V2.1.0 to remediate the issue and recommends immediate updating. Mitigations include using encrypted protocols, restricting network exposure, and following vendor operational security guidance.
read more →