< ciso
brief />
Tag Banner

All news with #denial of service tag

104 articles

Mitsubishi MELSEC iQ-F EtherNet/IP DoS Fix

🔒 An integer overflow in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP modules can be exploited remotely to cause a denial-of-service by rapidly opening many TCP connections, leading to improper memory access. A vendor update (version 1.001 or later) is available from Mitsubishi Electric to remediate the issue. Until patched, the vendor recommends network restrictions such as firewalls, VPNs, IP filtering, LAN-only operation, and limiting physical and host access to reduce exposure.
read more →

MELSEC iQ-F FX5-ENET/IP Denial-of-Service Risk

🛡️ Mitsubishi Electric reports an Expected Behavior Violation in the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module that can be exploited to cause a denial-of-service by flooding the device's Ethernet port with packets. No patch is planned; vendors recommend network-level mitigations such as firewalls, VPNs, IP filtering, and restricting physical and network access to reduce exploitation risk.
read more →

Multiple authentication and crash issues in industrial historian

🔒 Rockwell Automation's FactoryTalk Historian Site Edition and related AVEVA PI Data Archive components contain vulnerabilities that can allow authentication bypass, denial of service, or crashes. Race conditions (CWE-362) and uncaught exceptions (CWE-248) are cited; repeated login requests may yield valid tokens. Vendors provide mitigations and patches; CISA urges network segmentation, restricted access, and defensive best practices.
read more →

F5 issues out‑of‑band patches for critical NGINX flaws

🔒 F5 released out-of-band updates to fix multiple NGINX vulnerabilities, including two critical flaws in the ngx_http_v3_module and ngx_http_proxy_v2/_grpc modules that can lead to DoS or code execution. The bugs cause use‑after‑free or heap buffer overflow in worker processes and affect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager. Mitigations include disabling HTTP/3 and adjusting header buffer directives until patches are applied.
read more →

Rockwell FLEX I/O EtherNet/IP Adapter Flaws Fixed

🔒 Rockwell Automation FLEX I/O EtherNet/IP adapters (1794-AENTR) contain vulnerabilities that could enable unauthorized access, account takeover, and denial-of-service. A memory-handling flaw in CIP request processing may cause adapter faults and loss of I/O connectivity, while an embedded web server issue allows unauthenticated password changes via a crafted HTTP GET. Rockwell recommends updating to firmware 2.013 to remediate these issues.
read more →

Rockwell CompactLogix CIP Sequence and Info Leak

🔒 A security advisory details vulnerabilities in Rockwell Automation CompactLogix 1769 controllers where missing validation of CIP sequence numbers and source IPs and exposure of CIP Connection IDs on the device web diagnostics page can be abused to trigger denial-of-service conditions. Rockwell recommends updating affected devices to firmware V38.011 and refers users to advisory SD1776 for mitigation steps. CISA advises minimizing network exposure, placing control systems behind firewalls, using secure remote access like VPNs, and following standard ICS defensive practices and reporting procedures.
read more →

Rockwell Logix 5370/5570 CIP Denial-of-Service Fixes

🛡️ A denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 controllers can cause a major nonrecoverable fault (MNRF) when a crafted CIP message is processed, with devices having less memory at greater risk. Rockwell advises updating to specific firmware versions: CompactLogix 5370 (34.016+), Compact GuardLogix 5370 (35.015+), ControlLogix 5570 (36.012+), and GuardLogix 5570 (37.011+). CISA recommends minimizing network exposure, isolating control networks behind firewalls, using secure remote access methods such as VPNs, and following ICS defensive best practices to reduce exploitation risk.
read more →

Researchers warn guardrails can enable AI DoS attacks

🛡️ New research shows that reasoning-based AI agent guardrails can be weaponized into denial-of-service vectors by a single poisoned document that traps safety systems in extended thinking loops. The study, from the Hong Kong University of Science and Technology and collaborators, demonstrated large slowdowns across four agent frameworks, with LangGraph suffering the worst impact. The work highlights a tradeoff where stronger guardrail reasoning increases resource use and introduces concentration risk for shared governance.
read more →

Six Proto6 Vulnerabilities Impact protobuf.js Ecosystem

🔒 Cybersecurity researchers disclosed six vulnerabilities in protobuf.js, the JavaScript/TypeScript implementation of Protocol Buffers, that can enable remote code execution (RCE) and denial-of-service (DoS) when untrusted schemas or payloads are processed. Named Proto6, the flaws affect Node.js apps, Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines. Patches are available in protobufjs 7.5.6 and 8.0.2 and protobufjs-cli 1.2.1 and 2.0.2, and users are urged to update to mitigate risks stemming from trusting schema and metadata by default.
read more →

CISA Adds Actively Exploited SolarWinds Flaw

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity DoS vulnerability in SolarWinds Serv-U (CVE-2026-28318, CVSS 7.5) to its Known Exploited Vulnerabilities catalog, citing active exploitation. The bug causes uncontrolled resource consumption and crashes the Serv-U service via specially crafted POST requests using Content-Encoding: deflate. SolarWinds released a fix in Serv-U version 15.5.4 HF1 and recommends limiting access and blocking requests with content-encoding as mitigations. Federal agencies must remediate by June 19, 2026.
read more →

CISA warns of active exploitation of Serv‑U DoS flaw

⚠️ CISA warns that threat actors are actively exploiting a recently patched high-severity SolarWinds Serv-U flaw (CVE-2026-28318) that allows unauthenticated attackers to crash Serv-U file-transfer services via specially crafted POST requests using Content-Encoding: deflate. SolarWinds issued Serv-U 15.5.4 Hotfix 1 to address an uncontrolled resource consumption weakness and advised mitigation steps for admins who cannot immediately patch. Shodan and Shadowserver show thousands of Serv-U instances exposed online, prompting CISA to add the flaw to its Known Exploited Vulnerabilities Catalog and require federal agencies to remediate by June 19 under BOD 22-01.
read more →

HTTP/2 header flaw enables new DoS attacks

🔍 Security researchers disclosed a flaw in default HTTP/2 configurations that enables a denial-of-service technique dubbed the "HTTP/2 Bomb." The issue abuses HPACK header compression and flow-control behavior to force excessive memory allocations and hold them, impacting servers such as nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare’s Pingora. Patches have been released for several implementations, and mitigations include disabling HTTP/2 or enforcing header count caps.
read more →

Hitachi Energy RTU500: Multiple Denial‑of‑Service Flaws

🔒 Hitachi Energy has disclosed multiple vulnerabilities affecting RTU500 devices that primarily enable Denial of Service, with potential secondary impacts to confidentiality and integrity. Affected components include PKCS#12 handling, libexpat, and IEC protocol implementations, with issues such as NULL pointer dereferences, integer overflows, and infinite loops. Vendor fixes are available in CMU Firmware versions 13.7.9/13.8.2 (13.7.9 when available), and CISA recommends minimizing network exposure and applying vendor updates and standard mitigations.
read more →

B&R PPT30 OPC‑UA Resource Exhaustion Fix

🔒 B&R has identified a resource exhaustion vulnerability in the OPC‑UA Server used in PPT30 Operating System versions before 1.8.0 that can render the OPC‑UA service inaccessible. The vendor corrected the issue in PPT30 Operating System 1.8.0 and notes the OPC‑UA server is not enabled by default. B&R and CISA recommend updating affected devices, restricting OPC‑UA activation to required systems, and segmenting and firewalling networks to limit access.
read more →

Hitachi Energy ITT600 Explorer DoS Vulnerabilities

🛡️ Hitachi Energy disclosed vulnerabilities in the ITT600 Explorer that can enable Denial of Service (DoS) via crafted IEC61850 messages when IEC61850 server simulation is used. A stack overflow in the libexpat library and uncontrolled recursion/resource allocation issues are identified; affected versions should be updated to 2.1 SP6 HF1 or later and plan for 2.2. CISA republishes the vendor advisory and recommends standard ICS network protections and patching.
read more →

New HTTP/2 Bomb DoS Crashes Major Web Servers

🛡️ A newly discovered DoS technique called HTTP/2 Bomb can bring down default HTTP/2 deployments of major servers (NGINX, Apache, IIS, Envoy, Cloudflare Pingora) from a single machine in seconds. Discovered with assistance from OpenAI's Codex and reported by Calif researchers, it combines HPACK compression amplification with flow-control stalling to force massive memory allocations and prevent their release. Proof-of-concept exploits exist and patches or mitigations are partially available.
read more →

HTTP/2 Bomb: New Remote DoS Impacting Major Servers

🛡️ Cybersecurity researchers disclosed a remote denial-of-service exploit called HTTP/2 Bomb that affects major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The flaw leverages HPACK header compression combined with a zero-byte flow-control hold to amplify tiny on-wire headers into large server allocations. Vendors have released patches for some products and provided configuration mitigations for others while several popular implementations remain unpatched.
read more →

ABB B&R Automation Runtime SDM Denial of Service

🔒 An Improper Resource Locking vulnerability in the System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network attacker to delete data and cause denial of service. The vendor corrected the issue in Automation Runtime 6.3 and Q4.93 and notes SDM is disabled by default in AR 6. B&R recommends applying updates, restricting SDM access, using TLS/mutual TLS, and limiting webserver access to trusted IPs.
read more →

Microsoft warns of two actively exploited Defender flaws

🔒 Microsoft disclosed two Microsoft Defender vulnerabilities under active exploitation: CVE-2026-41091, a local privilege escalation rated 7.8 that can allow an attacker to gain SYSTEM privileges via improper link resolution, and CVE-2026-45498, a denial-of-service issue rated 4.0. Both are addressed in Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Systems with Defender disabled are not affected; updates are applied automatically through malware definitions and the Microsoft Malware Protection Engine.
read more →

Microsoft Warns: Two Defender Zero-Days Patched Urgently

🛡️ Microsoft released emergency updates on Wednesday to address two actively exploited Microsoft Defender zero-day vulnerabilities. The first, CVE-2026-41091, affects the Microsoft Malware Protection Engine and can be abused to achieve SYSTEM privileges via improper link resolution before file access. The second, CVE-2026-45498, impacts the Defender Antimalware Platform and may be used to trigger denial-of-service; Microsoft says updates should deploy automatically but advises administrators to verify platform and signature versions and confirm successful installation.
read more →