All news with #zenitel tag

Tue, November 25, 2025

Zenitel TCIV-3+ Multiple Remote Code Execution Flaws

#Security Advisory #Zenitel #RCE #OS Command Injection #Cross-Site Scripting #Out-of-Bounds Write

⚠️ Zenitel has disclosed multiple high‑severity vulnerabilities in the TCIV-3+ intercom device, including three OS command injection flaws, an out‑of‑bounds write, and a reflected XSS. The issues (CVE-2025-64126 through CVE-2025-64130) carry high CVSS ratings — several are scored CVSS v4 10.0 — and can be exploited remotely with low complexity. Zenitel advises upgrading to version 9.3.3.0 or later; CISA recommends isolating devices, minimizing Internet exposure, and applying defensive controls until patches are deployed.

Tue, November 25, 2025

CISA Releases Seven Industrial Control Systems Advisories

#Security Advisory #Industrial Control Systems #Rockwell Automation #Mitsubishi Electric #Opto 22 #Festo #Zenitel #SiRcom #Ashlar-Vellum

🔔 CISA released seven new Industrial Control Systems advisories addressing vulnerabilities across multiple vendors and product families. The advisories cover Ashlar-Vellum, Rockwell Automation, Zenitel, Opto 22, Festo, SiRcom, and an update for Mitsubishi Electric FA engineering software. Administrators are urged to review technical details and apply recommended mitigations promptly.