Cisco released a security update for the Adaptive Security Appliance Software and Firepower Threat Defense Software due to a vulnerability that could lead to an attacker gaining sensitive information.

Sources: Cisco advisory, CISA

CISA and the FBI released a joint CSA (cybersecurity advisory) sharing information about Zeppelin ransomware.

Sources: Joint CSA, CISA

CISA released 25 Industrial Control Systems Advisories for different Siemens products due to vulnerabilities found.

Sources: CISA

Schneider Electric EcoStruxure, EcoStruxure Process Expert and SCADAPack RemoteConnect for x70 contain heap-based buffer overflow, wrap or wraparound, classic buffer overflow and out-of-bounds write vulnerabilities.

Sources: EcoStruxure Control Expert, CISA, EcoStruxure Process Expert, SCADAPack RemoteConnect

Baxter Sigma Spectrum Infusion Pumps contain use of hard-coded password, cleartext transmission of sensitive data, incorrect permission assignment for critical resource and operation on a resource after expiration or release vulnerabilities.

Sources: Baxter security bulletin, CISA

Palo Alto Networks released a security update for PAN-OS firewall configurations due to a vulnerability found that could lead to a denial-of-service.

Sources: Palo Alto Networks security advisory, CISA

The Emerson ControlWave contains an insufficient verification of data authenticity vulnerability that could lead to file manipulation, remote code execution or denial-of-service.

Sources: Emerson Support, CISA

Emerson OpenBSI contains use of broken or risky cryptographic algorithm and use of hard-coded cryptographic key vulnerabilities that could lead to remote code execution, change controller configuration or cause a denial-of-service condition.

Sources: OpenBSI Utilities Manual, CISA

Mitsubishi Electric GT SoftGOT2000 contains an infinite loop vulnerability and an OS command injection vulnerability that could lead to a denial-of-service condition or enable arbitrary code execution.

Sources: Mitsubishi Electric’s security advisory, CISA

VMware released security updates for vRealize Operations due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: VMware, CISA

Microsoft released security updates due to multiple vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.

Sources: Microsoft security updates, CISA

Adobe released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Adobe Commerce, Adobe Acrobat and Reader, Illustrator, FrameMaker, Premiere Elements, CISA