All news with #denial of service tag

🔒 Microsoft disclosed two Microsoft Defender vulnerabilities under active exploitation: CVE-2026-41091, a local privilege escalation rated 7.8 that can allow an attacker to gain SYSTEM privileges via improper link resolution, and CVE-2026-45498, a denial-of-service issue rated 4.0. Both are addressed in Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Systems with Defender disabled are not affected; updates are applied automatically through malware definitions and the Microsoft Malware Protection Engine.

🛡️ Microsoft released emergency updates on Wednesday to address two actively exploited Microsoft Defender zero-day vulnerabilities. The first, CVE-2026-41091, affects the Microsoft Malware Protection Engine and can be abused to achieve SYSTEM privileges via improper link resolution before file access. The second, CVE-2026-45498, impacts the Defender Antimalware Platform and may be used to trigger denial-of-service; Microsoft says updates should deploy automatically but advises administrators to verify platform and signature versions and confirm successful installation.

🔒 Researchers at DepthFirst AI found an 18-year-old heap buffer overflow in NGINX’s ngx_http_rewrite_module (CVE-2026-42945) that can cause denial of service and, under specific conditions, remote code execution. The flaw affects NGINX Open Source 0.6.27 through 1.30.0 and several F5-managed builds. Exploitation hinges on configurations using both rewrite and set directives and problems in the internal script engine’s two-pass handling of rewrites. Patches and mitigations are available, and F5 recommends replacing unnamed PCRE capture groups with named captures if immediate upgrades are not possible.

⚠️ A null pointer dereference vulnerability has been identified in multiple Siemens networking and industrial routers and gateways when processing specially crafted IPv4 requests. Exploitation can cause a denial-of-service condition that forces affected devices to stop responding and disrupts networked control functions. Recovery requires a manual restart of the device. Affected product families include SCALANCE, SIMATIC, RUGGEDCOM and IE/PB link variants, spanning many router, switch, and gateway models.

🔒 ABB disclosed multiple vulnerabilities in the WebPro SNMP Card PowerValue affecting earlier firmware releases. The flaws include an authentication bypass (the device validates only the first character of session cookies and tokens), insufficient session expiration and uncontrolled resource consumption that can cause DoS and Modbus instability on port 502. ABB issued fixes in v1.1.8.p and recommends contacting ABB Digital Service Support and applying defensive measures from the product manual.

⚠️ABB disclosed multiple vulnerabilities in AC500 V3 PLCs that can bypass user management, expose visualization files, compromise PKI certificates, or cause denial-of-service (CVE-2025-2595, CVE-2025-41659, CVE-2025-41691). The issues stem from forced browsing, a permission flaw in the optional CmpOpenSSL component, and a NULL pointer dereference in CmpDevice. ABB corrected the issues in firmware 3.9.0 via Automation Builder 2.9.0; no workarounds are available and customers should apply the update promptly.

⚠️ Cisco released patches for a high-severity denial-of-service vulnerability (CVE-2026-20188) affecting Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). The issue stems from inadequate rate limiting on incoming connections and can be exploited remotely by unauthenticated actors to exhaust connection resources and crash systems. Affected releases include CNC 7.1 and earlier and NSO 6.3 and earlier; fixed releases and mitigations are detailed in Cisco's advisory. Cisco's PSIRT says it is not aware of active exploitation but strongly urges customers to upgrade to patched software to avoid manual reboots and service disruption.

⚠ ABB reported a vulnerability in B&R Automation Runtime (ANSL-Server) that can be triggered remotely to cause a denial-of-service on affected nodes. The issue (CVE-2025-11044) is fixed in Automation Runtime 6.5 and R4.93. Apply the vendor patch promptly; interim mitigations include longer cycle times, limiting ANSL connections at the control-network firewall, and load testing before commissioning.

⚠️ ABB disclosed CVE-2025-3756, a vulnerability in its IEC 61850 MMS client stack that can be triggered by a specially crafted 61850 packet. Exploitation requires access to the IEC 61850 network and can force PM 877, CI850, and CI868 modules into a fault state requiring manual restart or repeatedly crash S+ Operations IEC 61850 connectivity, causing denial-of-service. System 800xA IEC61850 Connect is not affected. ABB has released or scheduled firmware updates and advises customers to apply fixes and follow mitigating guidance.

⚠️ Siemens SCALANCE W-700 series devices with firmware earlier than V6.6.0 are affected by multiple security vulnerabilities. Siemens released firmware V6.6.0 to address these issues and urges operators to update affected units promptly. Temporary mitigations include reducing Wi‑Fi power, restricting physical access, disabling A‑MSDU if available, and minimizing network exposure of control devices. Several flaws could allow remote attackers to execute actions or cause denial of service; some carry high or critical CVSS scores.

🔒 Siemens has identified vulnerabilities in SICAM 8 products that can cause denial-of-service conditions. Affected components include CPCI85 (CP-8031/CP-8050), RTUM85 (CP-8010/CP-8012) and SICORE/S8000 elements. Two CVEs were assigned: CVE-2026-27663 (resource exhaustion, CVSS 6.5) and CVE-2026-27664 (out-of-bounds write, CVSS 7.5). Siemens released firmware updates in the V26.10 family and recommends validated deployment and supervised update procedures; CISA advises minimizing network exposure, isolating control systems, and using secure remote access.

⚠ The Grassroots DICOM (GDCM) 3.2.2 library contains a memory leak vulnerability (CVE-2026-3650) that can be triggered by parsing specially crafted DICOM files with non-standard VR types. Successful exploitation can cause extensive heap allocations that are not released, producing resource exhaustion and a denial-of-service condition. This issue is rated High with a CVSS v3.1 base score of 7.5. Users should follow defensive best practices and monitor vendor distribution channels for updates.

⚠️ Schneider Electric disclosed a CWE-404 Improper Resource Shutdown or Release vulnerability (CVE-2025-13901) affecting Modicon M241, M251, and M262 controllers that can cause a partial denial-of-service of the Machine Expert protocol when an unauthenticated actor sends a crafted payload. The issue is rated CVSS v3.1 5.3 (Medium). Vendor firmware updates (M241/M251: 5.4.13.12; M262: 5.4.10.12) are available. Until updates are applied, isolate controllers, restrict network access, and use encrypted remote connections.

🔒 Multiple vulnerabilities in IGL-Technologies eParking.fi allow unauthenticated actors to connect to OCPP WebSocket endpoints, impersonate charging stations, issue commands, hijack sessions, or disrupt charging services via denial-of-service. CISA rates the most severe issue CVSSv3.1 9.4 (Critical). IGL-Technologies has implemented stronger authentication, device-level whitelisting, rate limiting, and enhanced monitoring; encrypted OCPP deployments and the proprietary eTolppa protocol are not impacted.

⚠️ A vulnerability (CVE-2025-2399) in Mitsubishi Electric CNC Series can be exploited remotely to trigger an out-of-bounds read and cause a denial-of-service by sending specially crafted packets to TCP port 683. A range of M800, M80, M70, E70/E80, C80 and NC Trainer models are affected. Mitsubishi Electric has published fixed firmware builds (BC or later, FN or later depending on model); users should contact their vendor representative to obtain and apply updates. If immediate updates are not possible, the vendor recommends restricting network exposure, firewalling, using VPNs, enabling IP filters where available, and limiting physical and network access.

⚠️ Multiple authentication and session-management vulnerabilities in CTEK Chargeportal could allow remote attackers to impersonate charging stations, send unauthorized OCPP commands, or disrupt charging services. The highest-severity issue (CVE-2026-25192) affects WebSocket authentication and is rated CVSS 9.4 (Critical). Other flaws enable brute-force attempts, session hijacking, and exposure of station identifiers. CTEK plans to sunset Chargeportal in April 2026; operators should restrict network exposure, isolate control networks, and contact CTEK support for guidance.

⚠️ Users worldwide are reporting that Facebook is inaccessible, with many seeing a notice that their "account is temporarily unavailable" due to a site issue. Outages tracked by DownDetector began around 4:15 PM ET and appear global. Meta's status page, however, only lists High Disruptions for Facebook Ads Manager, Instagram Boost, and the WhatsApp Business API. Facebook has been contacted for comment; the incident remains under investigation.

⚠ The Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP and FX5-EIP modules contain multiple denial-of-service vulnerabilities that can be triggered by continuous UDP packet streams. The issues have a CVSS 3.1 base score of 7.5 and include an always-incorrect control flow flaw and improper resource shutdown conditions. Mitsubishi released an update for FX5-ENET/IP (v1.107 or later); fixes for FX5-EIP are planned and mitigations are recommended where no fix is available.

🔒 CISA reports multiple critical vulnerabilities in Everon OCPP Backends (api.everon.io) that permit unauthenticated access, session hijacking, credential exposure, and denial-of-service. The advisory details four CVEs, including a CVSS 3.1 score of 9.4 for missing authentication on WebSocket endpoints. Everon reportedly shut down the platform on December 1, 2025; CISA recommends isolating control networks, restricting Internet access, and using secure remote access methods.

🔒 Yokogawa has issued patches for multiple Vnet/IP vulnerabilities affecting CENTUM VP R6 and R7 interface packages that could allow denial-of-service or, in one case, arbitrary code execution. Affected packages (VP6C3300 and VP7C3300) at or below R1.07.00 are vulnerable; the flaws are tracked as CVE-2025-1924 and CVE-2025-48019 through CVE-2025-48023. CISA reports CVSS scores up to 6.9 (MEDIUM) and recommends applying vendor patch R1.08.00 and following advisory YSAR-26-0002 for implementation guidance.