All news with #ashlar-vellum tag

CISA Releases Seven Industrial Control Systems Advisories

🔔 CISA released seven new Industrial Control Systems advisories addressing vulnerabilities across multiple vendors and product families. The advisories cover Ashlar-Vellum, Rockwell Automation, Zenitel, Opto 22, Festo, SiRcom, and an update for Mitsubishi Electric FA engineering software. Administrators are urged to review technical details and apply recommended mitigations promptly.

Ashlar-Vellum Products: Out-of-Bounds Write & Heap Overflow

🔒 Ashlar-Vellum has released updates addressing two vulnerabilities—an Out-of-Bounds Write (CVE-2025-65084) and a Heap-based Buffer Overflow (CVE-2025-65085)—affecting Cobalt, Xenon, Argon, Lithium, and Cobalt Share up to version 12.6.1204.207. Both flaws could allow local attackers to disclose information or execute arbitrary code; vendor updates to 12.6.1204.208 or later are available. CISA assigns a CVSS v4 base score of 8.4, notes low attack complexity, and reports no known public exploitation; these issues are not remotely exploitable.