Tag: CISA

CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers
Events, Risk, Security

Sewio, InHand Networks, Sauter Controls, and Siemens products are all affected by serious security issues, according to a number of Industrial Control Systems (ICS) advisories published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The most serious vulnerability affects Sewio's RTLS Studio, which CISA states may be used by an attacker to "get unauthorized access to the server, modify information, create a denial-of-service issue, gain escalation privileges, and execute arbitrary code." This includes CVE-2022-45444 (CVSS score: 10.0), a vulnerability where the application's database has hard-coded passwords for a subset of users that could provide remote adversaries unrestricted access ...
7 New Exploited Vulnerabilities are Added to CISA Database
Business

Based on the evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) decided to add a significant SAP security weakness to its list of known exploited vulnerabilities on Thursday. The problem in question, CVE-2022-22536, was fixed by SAP as part of its Patch Tuesday updates for February 2022. It carries the highest risk score of 10.0 on the CVSS vulnerability scoring system. So, without any delay, let's talk about the 7 New Exploited Vulnerabilities Added to CISA Database. Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions: SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87); SAP Content Server (Version - 7.53); SAP NetWeaver and ABAP Platform (Versions - ...