All news with #patch tag

Missing Authentication in Siemens SIMATIC ET 200SP Modules

⚠️ Siemens ProductCERT and CISA report a Missing Authentication for Critical Function vulnerability (CVE-2025-40771) affecting SIMATIC ET 200SP CP modules. The flaw allows an unauthenticated remote actor to access device configuration data and is rated highly severe (CVSS v4 9.3; CVSS v3.1 9.8). Siemens advises updating affected modules to V2.4.24 or later and restricting access to trusted IP addresses; CISA recommends minimizing network exposure, isolating control networks, and using secure remote access methods.

Rockwell FactoryTalk Linx MSI Privilege Chaining Flaw

⚠️ Rockwell Automation disclosed two privilege-chaining vulnerabilities in FactoryTalk Linx (versions 6.40 and prior) that allow authenticated Windows users to escalate to SYSTEM privileges by hijacking MSI repair console windows. The issues are tracked as CVE-2025-9067 and CVE-2025-9068 and carry a CVSS v4 base score of 8.5 (CVSS v3.1 7.8). Rockwell recommends applying the Microsoft MSI patch and upgrading to FactoryTalk Linx 6.50 or later; CISA notes these flaws are not remotely exploitable and no public exploitation has been reported.

Siemens SiPass integrated vulnerabilities and update

🔒 Siemens released security updates for SiPass integrated to address four vulnerabilities—an Accusoft ImageGear heap-based buffer overflow, stored cross-site scripting, an authorization bypass via user-controlled keys, and recoverable password storage. Exploitation could enable account compromise, data manipulation, impersonation, or arbitrary code execution on affected servers. Siemens recommends updating to V3.0, restricting access to trusted personnel, and avoiding untrusted image uploads; CISA advises isolating devices and using secure remote access.

Hitachi Energy MACH GWS Vulnerabilities — Patch Alert

⚠️ Hitachi Energy reported three vulnerabilities in MACH GWS (versions 3.0.0.0–3.4.0.0) that could enable local tampering, denial-of-service via IEC 61850 message handling, or remote man-in-the-middle attacks. The issues are categorized as Incorrect Default Permissions, Improper Validation of Integrity Check Value, and Improper Certificate Validation and carry CVSS v4 scores up to 7.1. Hitachi Energy recommends updating to MACH GWS 3.5 immediately and following deployment guidance such as network segregation, minimal exposed ports, scanning removable media, and enforcing strong password policies. CISA notes no known public exploitation at this time.

Rockwell FactoryTalk ViewPoint XML External Entity Flaw

🔒 Rockwell Automation reported a FactoryTalk ViewPoint XML External Entity (XXE) vulnerability (CVE-2025-9066) that can be exploited remotely with low attack complexity to induce a temporary denial-of-service via crafted SOAP requests. Affected devices include PanelView Plus 7 terminals (version 14 and prior). Rockwell released firmware fixes and patches, and CISA recommends minimizing network exposure, isolating control networks, and applying vendor updates promptly. The vulnerability is scored CVSS v4 8.7 (CVSS v3.1 7.5).

Siemens HyperLynx and Industrial Edge Publisher Security

⚠️ Siemens disclosed a type confusion vulnerability (CVE-2025-6554) affecting HyperLynx and Industrial Edge App Publisher, which can enable remote arbitrary read/write and potential code execution via crafted HTML. The issue carries a CVSS v4 base score of 7.0 and a v3.1 score up to 8.1 depending on context. Siemens has released v1.23.5 for App Publisher; no fix is available yet for HyperLynx. Organizations should restrict network exposure, isolate control systems, use secure remote access, and follow Siemens and CISA guidance to mitigate risk.

Siemens TeleControl Server Basic: Remote Auth Bypass

🔒 Siemens TeleControl Server Basic V3.1 contains a critical missing-authentication vulnerability (CVE-2025-40765) that allows unauthenticated remote attackers to obtain user password hashes and perform authenticated database operations. The issue carries a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3, with network attack vector and low attack complexity. Siemens advises updating to V3.1.2.3 or later and restricting access to port 8000; CISA emphasizes isolating control networks and minimizing internet exposure. Tenable reported the issue and, to date, CISA has not received reports of public exploitation.

Rockwell Automation PanelView and FactoryTalk ME Flaws

🔒 Rockwell Automation disclosed vulnerabilities in FactoryTalk View Machine Edition and PanelView Plus 7 that can allow unauthorized access to device file systems and diagnostic data. CVE-2025-9064 is a network-exploitable path traversal issue; CVE-2025-9063 is an improper-authorization flaw tied to an ActiveX control. Rockwell recommends installing provided firmware and software updates, and CISA advises minimizing network exposure, isolating control networks, and using secure remote access.

ThreatsDay Bulletin: $15B Crypto Seizure, Weekly Risks

🔔 This week’s ThreatsDay bulletin highlights a historic U.S. DOJ seizure of roughly $15 billion in cryptocurrency linked to an alleged transnational fraud network, alongside active commodity malware, phishing-as-a-service, and novel abuses of legitimate tools. Notable incidents include the Brazil-distributed Maverick banking trojan spread via a WhatsApp worm, consumer-grade interception of geostationary satellite traffic, and UEFI BombShell flaws enabling bootkit persistence. Priorities: identity resilience, patching, and monitoring of remote-access and cloud services.

Nation-state Breach Exposes F5 BIG-IP Source Code

⚠️ F5 has confirmed a nation-state actor maintained persistent access to its development systems, including the BIG-IP product development environment and engineering knowledge management platforms, with discovery in August and customer notification on October 15. The breach included stolen files containing BIG-IP source code and information on undisclosed vulnerabilities. While F5 reports no known active exploitation, it and CISA have urged immediate patching and mitigations, and the US government delayed public disclosure in September after a Justice Department order.

F5 Issues BIG-IP Patches After Stolen Vulnerabilities

🔒 F5 has released security updates for BIG-IP products to address vulnerabilities whose details were stolen during a state-linked breach detected on August 9, 2025. The vendor patched 44 issues across BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients and says it has not seen evidence the flaws were exploited or publicly disclosed. Customers are urged to apply updates immediately and follow F5's guidance to increase logging and monitoring.

OpenPLC and Planet WGR-500: Multiple Vulnerabilities

⚠️ Cisco Talos disclosed vulnerabilities affecting OpenPLC and the Planet WGR-500 industrial router, including a ModbusTCP denial-of-service and multiple critical flaws in HTTP-handling functions. The OpenPLC issue (TALOS-2025-2223 / CVE-2025-53476) can be triggered by a crafted series of TCP connections to exhaust the ModbusTCP server. Planet WGR-500 vulnerabilities (TALOS-2025-2226–2229 / CVE-2025-54399–54406, CVE-2025-48826) include stack-based buffer overflows, format string, and OS command injection flaws that may lead to memory corruption or arbitrary command execution.

September 2025 Windows Server Updates Break AD Sync

⚠️ Microsoft confirmed that the September 2025 security updates are causing Active Directory synchronization problems on Windows Server 2025, affecting applications that use the DirSync control such as Microsoft Entra Connect Sync. The issue can result in incomplete synchronization of large AD security groups exceeding 10,000 members. Microsoft recommends a registry workaround (DWORD 2362988687 = 0) while engineers work on a fix, and warns about risks of editing the registry.

Slider Revolution Arbitrary File Read Affects 4M Sites

⚠ A critical Arbitrary File Read vulnerability (CVE-2025-9217) was found in the widely used Slider Revolution WordPress plugin, affecting versions up to 6.7.36. The bug allowed authenticated users with contributor-level access or higher to read arbitrary files on the server by abusing two export parameters, used_svg and used_images. ThemePunch released a patch (6.7.37) on August 28 after a report to Wordfence; administrators should update immediately to protect site data.

CISA Adds KEV Entry: Adobe Experience Manager Vulnerability

🔔CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-54253, an Adobe Experience Manager Forms code execution vulnerability that CISA says shows evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their assigned due dates. CISA strongly urges all organizations to prioritize timely remediation and follow vendor guidance and standard patch management practices; the agency will continue updating the catalog as new exploitation evidence emerges.

CISA Emergency Directive Targets Critical F5 Flaws

🛡️ CISA has issued Emergency Directive 26-01 requiring Federal Civilian Executive Branch agencies to install vendor-provided updates for at-risk F5 devices and software — including F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF — by October 22, 2025. The action responds to disclosure that a nation-state actor maintained persistent access to F5 development environments and exfiltrated files containing embedded credentials and API keys. CISA will assess and support agency adherence and urges all entities using these products to apply mitigations immediately.

CISA Orders Federal Agencies to Patch F5 Devices Now

⚠ CISA issued Emergency Directive ED 26-01 directing Federal Civilian Executive Branch agencies to inventory and secure F5 BIG-IP hardware and software, assess public internet exposure of management interfaces, and apply vendor patches. Agencies must update specified F5 products by Oct. 22, 2025 (other devices by Oct. 31) and submit inventories to CISA by Oct. 29, 2025. The directive responds to a nation-state actor compromise that exfiltrated BIG-IP source code and vulnerability data.

Microsoft October Patch Tuesday addresses 172 bugs

🔒 Microsoft’s October Patch Tuesday delivers updates for 172 vulnerabilities, including six classed as zero-days. Three of those zero-days are being actively exploited, affecting the Windows Remote Access Connection Manager (CVE-2025-59230), an Agere modem kernel driver, and a secure-boot bypass in IGEL OS (CVE-2025-47827). Microsoft has removed the legacy Agere driver rather than patch it, citing risks in modifying unsupported code. This release also marks the final free Patch Tuesday for Windows 10; continued updates will require the Extended Security Updates (ESU) program.

Microsoft Patches 183 Flaws; Two Windows Zero-Days

🔒 Microsoft released updates addressing 183 vulnerabilities across its products, including three flaws now known to be exploited in the wild. Two Windows zero-days — CVE-2025-24990 (Agere modem driver, ltmdm64.sys) and CVE-2025-59230 (RasMan) — can grant local elevation of privilege; Microsoft plans to remove the legacy Agere driver rather than patch it. A third exploited issue bypasses Secure Boot in IGEL OS (CVE-2025-47827). With Windows 10 support ending unless enrolled in ESU, organizations should prioritize these fixes; CISA has added the three to its KEV catalog and set a federal remediation deadline.

SAP issues patches for NetWeaver deserialization RCE

🔒 SAP has released security updates addressing 13 vulnerabilities, including a maximum-severity insecure deserialization flaw in NetWeaver AS Java (CVE-2025-42944, CVSS 10.0) that can lead to arbitrary OS command execution via the RMI‑P4 module. The vendor's latest patch adds a JVM-wide serial filter (jdk.serialFilter) to block dangerous classes and packages — a list curated with the ORL and recommended by security firm Onapsis — and complements an earlier remediation issued last month. Other critical fixes include a directory traversal in SAP Print Service (CVE-2025-42937, 9.8) and an unrestricted file upload in SAP Supplier Relationship Management (CVE-2025-42910, 9.0); administrators are urged to apply patches and mitigations immediately.