< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2054 articles · page 5 of 103

AVer PTC Camera Remote Code Execution Advisory

🔒 AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras contain an input validation flaw that could permit unauthenticated remote arbitrary code execution via a crafted web request. Affected devices are rated CVSS v3 9.8 and relate to CWE-552 Files or Directories Accessible to External Parties. AVer has released firmware to address the issue and CISA advises minimizing network exposure, placing devices behind firewalls, and using secure remote access methods such as updated VPNs.
read more →

Path Traversal Vulnerability in Schneider Electric RTUs

🔒 Schneider Electric EasyLogic T150 and Saitel DP devices contain a CWE-22 Path Traversal vulnerability that can allow unauthorized access to sensitive files when server-side file path processing mishandles user input. Affected firmware versions include EasyLogic T150 <=11.06.31 and Saitel DP <=11.06.36. Remediations include firmware updates to 11.06.32 for EasyLogic T150 and 11.06.37 for Saitel DP; contact Schneider Electric Customer Care to obtain downloads and reboot devices after installing. CISA recommends network isolation, strict credential controls, and defensive measures for ICS devices.
read more →

CISA urges hardening of Fortinet devices after breaches

🔒 CISA warns that malicious actors have targeted internet-accessible Fortinet devices using compromised credentials, a campaign dubbed FortiBleed affecting roughly 74,000 devices including firewalls and VPN gateways. The agency urges immediate actions such as terminating active SSL VPN and administrative sessions, resetting credentials, enforcing strong password policies, and ensuring secure credential storage using PBKDF2. Organizations should review logs for suspicious activity, enable phishing-resistant MFA for remote and administrative access, and restrict management interfaces from public internet exposure.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. The alert underscores that such vulnerabilities are frequent attack vectors and pose significant risks to the federal enterprise. BOD 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk KEV-listed CVEs on internet-exposed assets and to check for compromise before patching. CISA encourages all organizations to adopt risk-based vulnerability management and to submit candidate vulnerabilities via the KEV Nomination Form.
read more →

Mitsubishi MELSEC iQ-F EtherNet/IP DoS Fix

🔒 An integer overflow in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP modules can be exploited remotely to cause a denial-of-service by rapidly opening many TCP connections, leading to improper memory access. A vendor update (version 1.001 or later) is available from Mitsubishi Electric to remediate the issue. Until patched, the vendor recommends network restrictions such as firewalls, VPNs, IP filtering, LAN-only operation, and limiting physical and host access to reduce exposure.
read more →

F5 issues out‑of‑band patches for critical NGINX flaws

🔒 F5 released out-of-band updates to fix multiple NGINX vulnerabilities, including two critical flaws in the ngx_http_v3_module and ngx_http_proxy_v2/_grpc modules that can lead to DoS or code execution. The bugs cause use‑after‑free or heap buffer overflow in worker processes and affect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager. Mitigations include disabling HTTP/3 and adjusting header buffer directives until patches are applied.
read more →

Microsoft fixes Windows Server 2016 update failures

🔧 Microsoft resolved a known issue that caused the June 2026 security update (KB5094122) to fail on Windows Server 2016 systems that were missing the prior month's KB5087537 update. Administrators had reported 0x80070002 or FILE_NOT_FOUND errors during installation. Microsoft confirmed the installation issue is fixed and affected devices should no longer experience failures deploying the June 2026 update. This follows several recent fixes for update- and boot-related problems across Windows releases.
read more →

Microsoft Confirms RoguePlanet Defender Zero-Day

🛡️ Microsoft disclosed it is preparing a patch for a Defender zero-day tracked as RoguePlanet, now identified as CVE-2026-50656 with a CVSS score of 7.8. The company classifies the issue as a privilege escalation in the Microsoft Malware Protection Engine and says it is working on a quality security update. The exploit was publicly released by researcher Chaotic Eclipse (aka Nightmare-Eclipse), who described it as a race condition that can yield SYSTEM-level shells and may work irrespective of real-time protection settings.
read more →

Microsoft confirms Office launch issue after June updates

🛠️ Microsoft is investigating reports that certain third-party applications may be unable to launch Word, Excel, PowerPoint, Access, and other Office apps or open documents after installing Windows updates released on or after June 9, 2026. The problem affects apps that use OLE automation, sometimes causing Office apps or documents to fail to open without an error. Microsoft advises opening Office files directly or contacting Microsoft Support for Business for enterprise workarounds while a fix is developed.
read more →

Google Vertex AI SDK bucket squatting enables RCE

🔒 A design flaw in the Vertex AI SDK for Python allowed attackers to hijack model staging buckets across projects by predicting bucket names derived from project ID and region. Unit 42 researchers called this class of issue Bucket Squatting, where global bucket name uniqueness enabled pre-creation and silent takeover. The flaw could lead to cross-tenant model poisoning and remote code execution via pickle deserialization. Google issued fixes in SDK versions 1.144.0 and 1.148.0 and users should upgrade.
read more →

CISA directs urgent patch for JCE Joomla flaw

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability in the Widget Factory Joomla Content Editor (JCE) plugin, tracked as CVE-2026-48907, which is being actively exploited in the wild. The flaw allows unauthenticated attackers to upload and execute PHP code via new editor profiles in affected Joomla deployments. JCE released version 2.9.99.6 in early June and urged immediate updates, noting that updates do not remove existing compromises and outlining remediation steps for infected sites.
read more →

Microsoft developing patch for Defender RoguePlanet zero-day

🔒 Microsoft is investigating and preparing a security update for a Microsoft Defender elevation-of-privilege vulnerability publicly dubbed RoguePlanet. The flaw, now tracked as CVE-2026-50656, was disclosed with a proof-of-concept last week and reportedly allows spawning SYSTEM-level command prompts via a Defender race condition on fully patched Windows 10 and 11 devices. Microsoft confirmed it is working on a high-quality security update and will publish details in the CVE entry when available.
read more →

CISA flags critical JCE Joomla flaw exploited

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a maximum-severity flaw in Widget Factory's Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities catalog, citing active exploitation. Tracked as CVE-2026-48907 (CVSS 10.0), the improper access control bug allows unauthenticated creation of editor profiles and potential PHP code upload and execution. The flaw affects JCE versions 1.0.0 through 2.9.99.4 and was patched in 2.9.99.5 on June 3, 2026; FCEB agencies must apply fixes by June 19, 2026.
read more →

Google Vertex AI SDK bucket-squatting flaw patched

🛡️ Palo Alto Networks Unit 42 disclosed a flaw in the Google Cloud Vertex AI Python SDK that let an attacker with only their own Google Cloud project and a victim's project ID hijack model uploads and execute code in Vertex AI serving containers. Google fixed the issue; users must update to google-cloud-aiplatform version 1.148.0 or later and explicitly set a staging_bucket. The bug arose from predictable default bucket names and lack of ownership checks, enabling an attacker to precreate the bucket, swap uploaded model files (often pickled), and run malicious code when Vertex AI loaded the model.
read more →

Rockwell CompactLogix CIP Sequence and Info Leak

🔒 A security advisory details vulnerabilities in Rockwell Automation CompactLogix 1769 controllers where missing validation of CIP sequence numbers and source IPs and exposure of CIP Connection IDs on the device web diagnostics page can be abused to trigger denial-of-service conditions. Rockwell recommends updating affected devices to firmware V38.011 and refers users to advisory SD1776 for mitigation steps. CISA advises minimizing network exposure, placing control systems behind firewalls, using secure remote access like VPNs, and following standard ICS defensive practices and reporting procedures.
read more →

RSLinx Classic vulnerability advisory and mitigations

🔒 This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more →

Rockwell Logix 5370/5570 CIP Denial-of-Service Fixes

🛡️ A denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 controllers can cause a major nonrecoverable fault (MNRF) when a crafted CIP message is processed, with devices having less memory at greater risk. Rockwell advises updating to specific firmware versions: CompactLogix 5370 (34.016+), Compact GuardLogix 5370 (35.015+), ControlLogix 5570 (36.012+), and GuardLogix 5570 (37.011+). CISA recommends minimizing network exposure, isolating control networks behind firewalls, using secure remote access methods such as VPNs, and following ICS defensive best practices to reduce exploitation risk.
read more →

PavilionX Missing Authorization Vulnerability Adviso

🔒 A security issue was identified in Rockwell Automation FactoryTalk Analytics PavilionX due to improper authorization enforcement in API endpoints, allowing unauthorized actors to perform privileged operations such as user and role management. Rockwell Automation recommends updating PavilionX to version 7.01 or later. CISA advises minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods while performing impact analysis before defensive changes.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation. This vulnerability type remains a common attack vector and presents significant risk to the federal enterprise. BOD 26-04 reinforces rapid remediation of KEV-listed CVEs for federal agencies and updates prior guidance. CISA encourages all organizations to adopt risk-based vulnerability management and may add further vulnerabilities that meet KEV criteria.
read more →

Rockwell FLEX I/O EtherNet/IP Adapter Flaws Fixed

🔒 Rockwell Automation FLEX I/O EtherNet/IP adapters (1794-AENTR) contain vulnerabilities that could enable unauthorized access, account takeover, and denial-of-service. A memory-handling flaw in CIP request processing may cause adapter faults and loss of I/O connectivity, while an embedded web server issue allows unauthenticated password changes via a crafted HTTP GET. Rockwell recommends updating to firmware 2.013 to remediate these issues.
read more →