VulnHub

Real-time Cybersecurity News

Articles tagged "Update"

Found 23 articles

China's 'PlushDaemon' Hackers Infect Routers to Hijack Software Updates

darkreading

Actively Exploited

China's state-sponsored hackers, known as 'PlushDaemon', have developed a method to infect routers and hijack software updates, primarily targeting Chinese organizations. This sophisticated approach allows them to operate under the radar, posing a significant threat to cybersecurity within the region.

Impact: Routers and software update systems used by Chinese organizations.
Remediation: Implement network security measures, regularly update router firmware, and monitor for unusual software update behaviors.
UpdateAPT
Read Original
ICAM365 CCTV Camera Multiple Models

All CISA Advisories

The iCam365 CCTV camera models P201 and QC021 have been identified with critical vulnerabilities allowing unauthorized access to camera video streams and configuration data due to missing authentication for ONVIF and RTSP services. The vulnerabilities carry a CVSS v4 score of 7.0, indicating a significant risk that requires immediate attention and mitigation.

Impact: Affected products include iCam365 ROBOT PT Camera P201 (Versions 43.4.0.0 and prior) and Night Vision Camera QC021 (Versions 43.4.0.0 and prior). Vendor: iCam365.
Remediation: CISA recommends minimizing network exposure for all control system devices, ensuring they are not accessible from the Internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks. When remote access is necessary, use secure methods like Virtual Private Networks (VPNs). Organizations should perform proper impact analysis and risk assessment prior to deploying defensive measures. Additional guidance is available on the CISA ICS webpage.
CVEVulnerabilityUpdateCritical
Read Original
Festo Didactic products

All CISA Advisories

The article details a critical vulnerability (CVE-2023-26293) in Festo Didactic products, specifically related to improper input validation in Siemens TIA-Portal versions V15 to V18, which could allow attackers to create or overwrite arbitrary files. With a CVSS v3.1 score of 7.8, this vulnerability poses significant risks to engineering systems and requires immediate attention from users to mitigate potential exploitation.

Impact: Affected products include Siemens TIA-Portal V15 prior to V17 Update 6, Siemens TIA-Portal V18 prior to V18 Update 1, all versions of Festo Hardware MES PC, and all versions of Festo Hardware TP260 (before June 2023). Vendor: Festo SE & Co. KG.
Remediation: Festo recommends users of affected devices to update TIA-Portal to the latest versions. Specifically, users should update to Siemens TIA-Portal V17 Update 6 or later and Siemens TIA-Portal V18 Update 1 or later. For further details, refer to Siemens SSA-116924 and Festo's security advisory FSA-202303.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Opto 22 GRV-EPIC and groov RIO

All CISA Advisories

The Opto 22 GRV-EPIC and groov RIO products are vulnerable to an OS Command Injection flaw that could allow remote attackers to execute arbitrary shell commands with root privileges. This vulnerability, identified as CVE-2025-13087, has a CVSS v4 score of 7.5, indicating a significant risk to affected systems.

Impact: Affected products include GRV-EPIC-PR1 and GRV-EPIC-PR2 (Firmware versions prior to 4.0.3), groov RIO GRV-R7-MM1001-10, GRV-R7-MM2001-10, and GRV-R7-I1VAPM-3 (all with Firmware versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 has published a patch to address this vulnerability. Users are recommended to upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional defensive measures include minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
CVEVulnerabilityPatchUpdateCritical
Read Original
Festo MSE6-C2M/D2M/E2M

All CISA Advisories

The Festo MSE6-C2M/D2M/E2M series has a critical vulnerability (CVE-2023-3634) that allows remote authenticated attackers to exploit undocumented test modes, leading to severe risks including loss of confidentiality, integrity, and availability. This vulnerability has a CVSS score of 8.8, indicating a high severity level and necessitating immediate attention and remediation.

Impact: Affected products include: MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD. Vendor: Festo SE & Co. KG.
Remediation: Festo has updated the user documentation in the next product version to address this issue. Recommended defensive measures include minimizing network exposure for control systems, using firewalls, and secure remote access methods like VPNs. Organizations should also perform impact analysis and risk assessments before deploying defensive measures.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Emerson Appleton UPSMON-PRO

All CISA Advisories

The Emerson Appleton UPSMON-PRO vulnerability, identified as CVE-2024-3871, is a stack-based buffer overflow that could allow remote attackers to execute arbitrary code with SYSTEM privileges. This critical vulnerability, with a CVSS v4 score of 9.3, affects versions 2.6 and prior of the product, which is now End of Life and unsupported, necessitating immediate action from users.

Impact: Affected products include Emerson Appleton UPSMON-PRO versions 2.6 and prior. The vulnerability could affect critical infrastructure sectors such as Critical Manufacturing, Healthcare, and Public Health worldwide.
Remediation: Users are recommended to replace the Appleton UPSMON-PRO product or apply the following mitigations: block UDP port 2601 at the firewall level for all installations, isolate UPS monitoring networks from general corporate networks, implement network-level packet filtering to reject oversized UDP packets to port 2601, and monitor for UPSMONProSer.exe service crashes. Long-term strategies include replacing UPSMON-PRO with an actively supported UPS monitoring solution and implementing defense-in-depth strategies for critical power infrastructure monitoring.
CVEVulnerabilityUpdateCritical
Read Original
Automated Logic WebCTRL Premium Server

All CISA Advisories

The Automated Logic WebCTRL Premium Server has critical vulnerabilities, including an Open Redirect and Cross-site Scripting, with a CVSS v4 score of 8.6. Successful exploitation could allow remote attackers to redirect users to malicious sites or execute malicious scripts in their browsers, posing significant security risks.

Impact: Affected products include: Automated Logic WebCTRL Server (Versions 6.1, 7.0, 8.0, 8.5), Carrier i-Vu (Versions 6.1, 7.0, 8.0, 8.5), Automated Logic SiteScan Web (Versions 6.1, 7.0, 8.0, 8.5), and Automated Logic WebCTRL for OEMs (Versions 6.1, 7.0, 8.0, 8.5). Vendor: Automated Logic.
Remediation: Users are advised to upgrade to WebCTRL version 9.0, as vulnerabilities have been remediated in this version. WebCTRL 7.0, WebCTRL 6.1, and i-Vu 6.0 are out of support. Users should follow Automated Logic's Security Best Practices Checklists for Building Automation Systems (BAS) to align with best practices installation guidelines. CISA recommends minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability

The Hacker News

The NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.

Impact: 7-Zip software, specifically versions affected by CVE-2025-11001.
Remediation: Users are advised to update to the latest version of 7-Zip to mitigate the risk associated with this vulnerability. Additionally, monitoring for any updates from the vendor regarding patches or security advisories is recommended.
CVEExploitVulnerabilityUpdateRCE
Read Original
PreviousPage 2 of 2