< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2061 articles · page 35 of 104

PolyShell flaw allows unauthenticated RCE in Magento

⚠ A newly disclosed vulnerability called PolyShell affects all Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and potential account takeover. Adobe has issued a fix only in the 2.4.9 alpha, leaving production sites exposed. Sansec warns the exploit method is already circulating and urges admins to restrict access to pub/media/custom_options/, verify nginx/Apache rules, and scan for uploaded shells or backdoors.
read more →

Critical GNU inetutils Telnet RCE Allows Root Access

⚠️ Security researchers at Dream Security disclosed a critical buffer overflow in GNU inetutils telnetd (CVE-2026-32746) that enables unauthenticated remote code execution as root during Telnet negotiation. The flaw originates in the SLC handler which writes into a fixed 108‑byte buffer without bounds checking, producing an arbitrary write. Dream notified maintainers on March 11 and a patch was prepared the next day; administrators should disable telnetd, restrict or block TCP/23, or migrate to SSH until updates are applied.
read more →

Ubiquiti patches UniFi flaw that may enable takeover

🔒 Ubiquiti has released patches for two vulnerabilities in the UniFi Network application, including a maximum-severity path traversal flaw tracked as CVE-2026-22557. The path traversal affects versions up to 10.1.85 and is addressed in 10.1.89 and later; a separate authenticated NoSQL injection that could enable privilege escalation has also been fixed. Administrators should update to 10.1.89 or later and apply vendor fixes to mitigate account takeover and escalation risks.
read more →

Critical OCPP WebSocket Vulnerabilities in eParking.fi

🔒 Multiple vulnerabilities in IGL-Technologies eParking.fi allow unauthenticated actors to connect to OCPP WebSocket endpoints, impersonate charging stations, issue commands, hijack sessions, or disrupt charging services via denial-of-service. CISA rates the most severe issue CVSSv3.1 9.4 (Critical). IGL-Technologies has implemented stronger authentication, device-level whitelisting, rate limiting, and enhanced monitoring; encrypted OCPP deployments and the proprietary eTolppa protocol are not impacted.
read more →

Schneider Electric PME/EPO Deserialization Vulnerability

⚠️ Schneider Electric disclosed a deserialization-of-untrusted-data vulnerability affecting EcoStruxure Power Monitoring Expert (PME) and the Advanced Reporting and Dashboards module for EcoStruxure Power Operation (EPO). A locally authenticated attacker can supply crafted data to trigger unsafe deserialization and achieve arbitrary code execution with administrative privileges. Schneider has released hotfixes and recommends upgrading to PME 2024 R3; contact Customer Care to obtain fixes. Hotfixes for supported branches report no reboot required.
read more →

Schneider Electric Modicon Controllers XSS Advisory

🔒 CISA warns of a cross-site scripting and open redirect vulnerability (CVE-2025-13902) affecting Schneider Electric Modicon controllers M241, M251, M258, and LMC058. Successful exploitation may enable account takeover or arbitrary JavaScript execution in a user's browser. Schneider provides firmware 5.4.13.12 for M241 and M251 via EcoStruxure Machine Expert v2.5.0.1; M258 and LMC058 currently require mitigations. No known public exploitation has been reported.
read more →

CISA Adds Cisco FMC Deserialization Flaw to KEV Catalog

⚠️ CISA has added CVE-2026-20131 to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability involves deserialization of untrusted data in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management. This class of flaw is a common attack vector and poses significant risk. CISA reminds Federal Civilian Executive Branch agencies to remediate per BOD 22-01 and urges all organizations to prioritize timely remediation as part of normal vulnerability management.
read more →

Automated Logic WebCTRL BACnet Vulnerabilities — Mar 2026

🔒 CISA warns of multiple high‑severity vulnerabilities in Automated Logic WebCTRL servers that could allow attackers to read, intercept, or modify BACnet communications. Known affected releases include versions earlier than v8.5, and WebCTRL 7 is end‑of‑life and unsupported. The advisory describes three CVEs — CVE-2026-25086 (port binding impersonation), CVE-2026-32666 (BACnet packet spoofing), and CVE-2026-24060 (cleartext transmission, CVSS 9.1) — and urges operators to upgrade to supported releases with BACnet/SC, implement TLS/mutual authentication where available, and apply network segmentation, access controls, and vendor secure configuration best practices to reduce exposure.
read more →

Mitsubishi Electric CNC Series: Out-of-Bounds Read Issue

⚠️ A vulnerability (CVE-2025-2399) in Mitsubishi Electric CNC Series can be exploited remotely to trigger an out-of-bounds read and cause a denial-of-service by sending specially crafted packets to TCP port 683. A range of M800, M80, M70, E70/E80, C80 and NC Trainer models are affected. Mitsubishi Electric has published fixed firmware builds (BC or later, FN or later depending on model); users should contact their vendor representative to obtain and apply updates. If immediate updates are not possible, the vendor recommends restricting network exposure, firewalling, using VPNs, enabling IP filters where available, and limiting physical and network access.
read more →

EcoStruxure Automation Expert: Vulnerability and Patch

⚠️Schneider Electric has disclosed a vulnerability in EcoStruxure Automation Expert (CVE-2026-2273), a CWE-94 code injection flaw that can execute arbitrary commands on an engineering workstation when an authenticated user opens a malicious project file. The issue affects versions prior to v25.0.1 and carries a CVSS v3.1 base score of 8.2 (High). Schneider fixed the vulnerability in v25.0.1; administrators should apply the vendor update promptly or implement recommended mitigations — including restrictive file permissions, storing project files in user home directories, and verifying file authenticity — to reduce the risk of workstation and broader system compromise.
read more →

Critical CTEK Chargeportal Vulnerabilities and Risks

⚠️ Multiple authentication and session-management vulnerabilities in CTEK Chargeportal could allow remote attackers to impersonate charging stations, send unauthorized OCPP commands, or disrupt charging services. The highest-severity issue (CVE-2026-25192) affects WebSocket authentication and is rated CVSS 9.4 (Critical). Other flaws enable brute-force attempts, session hijacking, and exposure of station identifiers. CTEK plans to sunset Chargeportal in April 2026; operators should restrict network exposure, isolate control networks, and contact CTEK support for guidance.
read more →

Schneider Electric Modicon M241/M251/M262 DoS Vulnerability

⚠️ Schneider Electric disclosed a CWE-404 Improper Resource Shutdown or Release vulnerability (CVE-2025-13901) affecting Modicon M241, M251, and M262 controllers that can cause a partial denial-of-service of the Machine Expert protocol when an unauthenticated actor sends a crafted payload. The issue is rated CVSS v3.1 5.3 (Medium). Vendor firmware updates (M241/M251: 5.4.13.12; M262: 5.4.10.12) are available. Until updates are applied, isolate controllers, restrict network access, and use encrypted remote connections.
read more →

CISA Urges Firms to Harden Microsoft Intune Controls

🔒 CISA urged U.S. organizations to strengthen Microsoft Intune administrative controls after a cyberattack exploited Intune to wipe devices at medical technology firm Stryker. Attackers allegedly created a new Global Administrator account, exfiltrated data, then used Intune’s built‑in wipe to erase nearly 80,000 devices. CISA recommended least‑privilege RBAC, enforced MFA via Microsoft Entra, privileged‑access hygiene, and multi‑admin approval for sensitive actions to reduce similar risks.
read more →

Critical Microsoft SharePoint Flaw Now Exploited in Attacks

🔴 The Cybersecurity and Infrastructure Security Agency (CISA) warned that a critical deserialization vulnerability in Microsoft SharePoint, tracked as CVE-2026-20963, is being exploited in the wild. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition and can allow unauthenticated remote code execution on unpatched servers. Microsoft patched the issue during January Patch Tuesday but has not labeled it as exploited; CISA added the vulnerability to its actively exploited catalog and ordered federal agencies to remediate by March 21.
read more →

Interlock Ransomware Exploits Cisco FMC Zero-Day Patch Alert

🔒 AWS analysis reveals that the Interlock ransomware group has exploited CVE-2026-20131, a critical RCE in the web-based management interface of Cisco Secure Firewall Management Center (FMC), in active attacks since January 26. The flaw can permit an unauthenticated attacker to execute arbitrary Java code as root and carries a 10.0 CVSS score. AWS recommends applying Cisco patches, reviewing IoCs and hunting for PowerShell staging, custom Java/JavaScript RATs, memory-resident webshells and unauthorized ScreenConnect deployments.
read more →

Remote Control Glitch Exposes Thousands of Robot Vacuums

🤖 A user attempting to remotely control his own DJI Romo robot vacuum inadvertently gained control of approximately 7,000 devices around the world. The incident highlights how insecure many consumer IoT devices remain and how a single action can cascade into widespread exposure. Beyond mere nuisance, such mass control raises privacy and safety concerns if exploited at scale. The episode underscores the urgent need for stronger device authentication, secure update mechanisms, and clearer vendor responsibility.
read more →

DarkSword iOS Exploit Kit Uses Six Vulnerabilities Widely

⚠️Researchers from Google Threat Intelligence Group, Lookout and iVerify report a new full‑chain JavaScript exploit kit named DarkSword has been used since at least November 2025 to fully compromise iPhones and exfiltrate sensitive data. The kit has appeared in watering‑hole campaigns targeting users in Saudi Arabia, Turkey, Malaysia and Ukraine and is linked to multiple actors including UNC6353, UNC6748 and a Turkish vendor. Apple has released patches addressing the exploited CVEs; users should install updates promptly.
read more →

CISA Alerts: Zimbra, SharePoint Flaws Actively Exploited

⚠ CISA has urged federal agencies to apply patches for two actively exploited vulnerabilities affecting Synacor Zimbra Collaboration Suite and Microsoft Office SharePoint. Zimbra's Classic UI suffered a stored XSS (CVE-2025-66376) patched in versions 10.0.18 and 10.1.13 in November 2025, while SharePoint had a deserialization RCE (CVE-2026-20963) fixed in January 2026. CISA set FCEB patching deadlines and reported no public attribution or scale; separately, Amazon detailed exploitation of a Cisco firewall-management zero-day (CVE-2026-20131) by the Interlock ransomware group.
read more →

CISA Orders Federal Patch for Zimbra XSS Flaw Exploited

⚠️ CISA has ordered Federal Civilian Executive Branch agencies to remediate an actively exploited stored cross-site scripting vulnerability in the Zimbra Collaboration Suite, tracked as CVE-2025-66376. The flaw in the Classic UI can be abused via CSS @import directives in HTML emails by remote, unauthenticated attackers to execute arbitrary JavaScript, risking session hijack and data exfiltration. Agencies were given until April 1 under BOD 22-01, and all organizations are urged to apply vendor patches or available mitigations immediately.
read more →

ConnectWise fixes ScreenConnect signature flaw, critical

🔒 ConnectWise warned customers about a critical cryptographic signature verification bug in ScreenConnect (tracked as CVE-2026-3564) that affects versions prior to 26.1 and can enable unauthorized session authentication and privilege escalation. The vulnerability allows attackers who obtain ASP.NET machine key material to generate or modify protected values the server will accept, potentially resulting in hijacked sessions and elevated access. ConnectWise patched the issue in ScreenConnect 26.1 by adding encrypted storage and improved handling for machine keys; cloud-hosted instances were auto-upgraded while on-premises administrators must upgrade immediately. The vendor reported observed attempts to abuse disclosed machine key material in the wild but has no confirmed evidence of exploitation against ConnectWise-hosted instances and urges responsible disclosure of active findings.
read more →