All news with #security advisory tag

Siemens Altair Grid Engine Vulnerabilities Advisory Notice

⚠️ Siemens Altair Grid Engine contains multiple local vulnerabilities that can enable privilege escalation and arbitrary code execution with superuser rights. One issue discloses password hashes in error messages (CWE-209, CVE-2025-40760, CVSS 5.5) and another allows library path hijacking via uncontrolled environment variables (CWE-427, CVE-2025-40763, CVSS 7.8). Siemens and CISA recommend updating to V2026.0.0 and applying mitigations such as removing setuid bits from affected binaries where appropriate.

Rockwell Automation FactoryTalk DataMosaix Vulnerabilities

🔒 Rockwell Automation disclosed multiple vulnerabilities in FactoryTalk DataMosaix Private Cloud that can enable MFA bypass and persistent cross-site scripting. The issues, tracked as CVE-2025-11084 and CVE-2025-11085, affect 7.11 and selected 8.x releases and carry CVSS v4 scores up to 8.6, indicating high severity. Rockwell has released patches and CISA advises applying updates, minimizing network exposure, and isolating control networks to reduce remote exploitation risk.

Siemens COMOS: Critical RCE and Data Exposure Fixes

⚠ Siemens warns that COMOS contains two high‑severity vulnerabilities — CVE-2023-45133 (CVSS 9.3) and CVE-2024-0056 (CVSS 8.7) — which can enable remote code execution or expose sensitive information. Siemens has released a patch in COMOS V10.4.5 and advises operators to update promptly. Implement network segmentation, avoid direct internet exposure of control systems, and follow Siemens and CISA guidance for secure remote access and system hardening.

Mitsubishi MELSEC iQ-F Series TCP DoS Vulnerability

🚨 Mitsubishi Electric disclosed a TCP communication vulnerability (CVE-2025-10259) in the MELSEC iQ-F Series CPU modules that can be triggered remotely to disconnect a session and cause a denial-of-service condition. The issue is remotely exploitable with low attack complexity and carries a CVSS v3.1 base score of 5.3. Mitsubishi recommends using VPNs and limiting physical and LAN access while applying vendor guidance and assessing risk.

AVEVA Edge cryptographic weakness enables password recovery

🔒 AVEVA has released advisory ICSA-25-317-03 addressing a cryptographic weakness in AVEVA Edge (formerly InduSoft Web Studio) that could allow a local actor with read access to project or offline cache files to brute-force user or Active Directory passwords. The issue is tracked as CVE-2025-9317 and carries a CVSS v4 base score of 8.3. AVEVA provides a 2023 R2 P01 Security Update and recommends project migration, password resets, and tightened file access controls. This vulnerability is not remotely exploitable according to CISA.

Critical Flaws in General Industrial Controls Lynx+ Gateway

⚠️ CISA reports multiple high-severity vulnerabilities affecting General Industrial Controls Lynx+ Gateway, including weak password requirements, missing authentication for critical functions, and cleartext transmission of sensitive data. These issues carry CVSS v4 scores up to 9.2 and permit remote exploitation with low attack complexity, potentially enabling unauthorized access, device resets, information disclosure, or denial-of-service. Affected firmware versions include R08, V03, V05, and V18; the findings were disclosed in November 2025. CISA recommends minimizing network exposure, isolating control devices behind firewalls, and using secure remote access methods such as updated VPNs while coordinating with the vendor.

Rockwell Automation Verve Asset Manager Access Control Flaw

🔒 Rockwell Automation disclosed an Incorrect Authorization vulnerability in Verve Asset Manager that allows unauthorized read‑only users to read, update, and delete user accounts via the product API. The issue is tracked as CVE-2025-11862 and CISA reports a CVSS v4 base score of 8.4, noting remote exploitability and low attack complexity. Affected releases include versions 1.33 through 1.41.3; Rockwell fixed the flaw in 1.41.4 and 1.42. Administrators should prioritize updates and apply network mitigations to limit exposure.

Rockwell Studio 5000 Simulation Interface Vulnerabilities

⚠️ Rockwell Automation disclosed two local vulnerabilities in Studio 5000 Simulation Interface (version 2.02 and earlier) that allow path traversal–based local code execution (CVE-2025-11696) and a local SSRF that can trigger outbound SMB requests for NTLM hash capture (CVE-2025-11697). Both issues carry high severity (CVSS v4: 9.3 and 8.8) and are exploitable by low-complexity local attackers. Rockwell recommends upgrading to version 3.0.0 or later; CISA advises isolating control system networks, minimizing exposure, and following secure remote-access practices.

Brightpick Mission Control and Internal Logic Control Flaws

⚠️ CISA published an advisory on November 13, 2025, warning that Brightpick AI devices — Mission Control and Internal Logic Control — contain multiple high-severity weaknesses that are remotely exploitable. Tracked as CVE-2025-64307, CVE-2025-64308, and CVE-2025-64309, the issues include missing authentication, hardcoded credentials in client-side JavaScript, and an unauthenticated WebSocket endpoint. Calculated scores reach up to CVSS v4 8.7, and CISA advises isolating affected systems, minimizing network exposure, and using secure remote access while conducting impact assessments.

ThreatsDay Bulletin: Key Cybersecurity Developments

🔐 This ThreatsDay Bulletin surveys major cyber activity shaping November 2025, from exploited Cisco zero‑days and active malware campaigns to regulatory moves and AI-related leaks. Highlights include CISA's emergency directive after some Cisco updates remained vulnerable, a large-scale study finding 65% of AI firms leaked secrets on GitHub, and a prolific phishing operation abusing Facebook Business Suite. The roundup stresses practical mitigations—verify patch versions, enable secret scanning, and strengthen incident reporting and red‑teaming practices.

CISA Adds Critical WatchGuard Fireware Flaw to KEV

🔒 CISA has added a critical WatchGuard Fireware vulnerability, CVE-2025-9242 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The out-of-bounds write in the OS iked process affects Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3 and 2025.1 and can allow remote unauthenticated code execution. Researchers at watchTowr Labs attribute the flaw to a missing length check on an identification buffer used during the IKE handshake, which permits a pre‑authentication code path before certificate validation. Shadowserver scans show over 54,300 vulnerable Firebox instances worldwide (about 18,500 in the U.S.), and Federal Civilian Executive Branch agencies are directed to apply WatchGuard patches by December 3, 2025.

Canon TTF Printer Vulnerability Allows Remote Code Execution

🖨️ Independent researcher Peter Geissler disclosed a critical vulnerability (CVE-2024-12649) in certain Canon printers that can be triggered simply by printing an XPS document containing a malicious TTF font. The exploit abuses TTF hinting instructions to overflow a virtual-machine stack in the printer’s font engine, allowing code execution on devices running Canon’s DryOS. Canon has issued firmware updates, but organizations should promptly patch, restrict printer exposure, and segment printers to reduce risk.

Microsoft fixes false Windows 10 end-of-support alerts

🔧 Microsoft resolved a bug that caused incorrect end-of-support warnings to appear in Windows Update settings after the October 2025 updates. The cosmetic issue affected Windows 10 22H2 devices enrolled in the Extended Security Updates (ESU) program as well as LTSC 2021 editions that remain supported, but affected systems continued to receive security updates. Microsoft issued a cloud configuration fix and on Nov 11, 2025 released KB5068781; admins can also apply a Known Issue Rollback policy if immediate deployment is required.

Amazon: APT Exploits Cisco ISE and Citrix Zero‑Days

🔒 Amazon Threat Intelligence identified an advanced threat actor exploiting undisclosed zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix products. The actor achieved pre-authentication remote code execution via a newly tracked Cisco deserialization flaw (CVE-2025-20337) and earlier Citrix Bleed Two activity (CVE-2025-5777). Following exploitation, a custom in-memory web shell disguised as IdentityAuditAction was deployed, demonstrating sophisticated evasion using Java reflection, Tomcat request listeners, and DES with nonstandard Base64. Amazon recommends limiting external access to management endpoints and implementing layered defenses and detection coverage.

CISA Adds Three CVEs to KEV Catalog Targeting Federal Assets

🔔CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-9242 (WatchGuard Firebox out-of-bounds write), CVE-2025-12480 (Gladinet Triofox improper access control), and CVE-2025-62215 (Microsoft Windows race condition). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required due dates. CISA urges all organizations to prioritize timely remediation and other mitigations to reduce exposure to active threats.

CISA Issues Guidance on Cisco ASA and Firepower Risks

⚠️ CISA released Implementation Guidance for Emergency Directive 25‑03 addressing ongoing exploitation of Cisco ASA and Firepower devices, identifying minimum software versions that remediate known vulnerabilities. The guidance directs federal agencies to perform corrective patching and recommends all organizations verify and apply the specified minimum updates. CISA also provides the RayDetect scanner to analyze ASA core dumps for RayInitiator compromise and offers temporary mitigation recommendations for agencies still completing compliance.

CISA Issues Guidance for Cisco ASA and Firepower Fixes

🔔 CISA released implementation guidance for Cisco ASA and Firepower devices to support Emergency Directive 25-03. The guidance lists minimum software versions that remediate CVE-2025-20333 and CVE-2025-20362 and directs agencies to perform corrective patching. CISA warns multiple organizations believed they had applied updates but had not and recommends all operators verify exact versions. Agencies with devices not yet updated or updated after Sept. 26, 2025, should follow additional temporary mitigations.

Microsoft fixes Windows Task Manager bug hurting performance

⚠️ Microsoft released a fix for a Windows 11 Task Manager issue introduced by the optional preview update KB5067036 that could leave multiple taskmgr.exe processes running after the window was closed. The defect, blamed for stuttering and CPU hangs on affected systems, is resolved in the November cumulative security update KB5068861. Microsoft recommends installing KB5068861, and users who cannot immediately update can temporarily terminate lingering Task Manager processes by running an elevated Command Prompt and executing taskkill.exe /im taskmgr.exe /f.

Microsoft Patches 63 Flaws Including Kernel Zero‑Day

🔒 Microsoft released patches for 63 vulnerabilities, four rated Critical and 59 Important, including a Windows Kernel zero-day (CVE-2025-62215) that Microsoft says is being exploited in the wild. The flaws span privilege escalation, remote code execution, information disclosure and DoS, with notable heap-overflow issues in Graphics Component and WSL GUI. Administrators are urged to prioritize updates where exploits are known or where vulnerabilities permit privilege escalation or remote code execution.

Microsoft Fixes Windows Kernel Zero Day in November

🔒 Microsoft released its November Patch Tuesday updates addressing over 60 CVEs, including an actively exploited Windows kernel zero-day (CVE-2025-62215). The flaw is a race-condition and double-free that can let low-privileged local attackers corrupt kernel memory and escalate to system privileges, though exploitation requires precise timing and local code execution. Administrators should also prioritise a critical GDI+ RCE (CVE-2025-60724, CVSS 9.8) that can be triggered by parsing specially crafted metafiles. Microsoft additionally issued an out-of-band update (KB5071959) to resolve Windows 10 Consumer ESU enrollment failures.