
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 26 - October 2. Sign up to get these updates right to your inbox!

OCTOBER 01, 2021

Google

A new Chrome version was released with security updates that addressed vulnerabilities an attacker could use to take control of affected systems.

Sources: chromereleases.googleblog.com

SEPTEMBER 30, 2021

Fortinet

There is an improper authentication vulnerability in Fortinet FortiManager version 6.4.3 and below. Lower versions also allow an attacker to assign arbitrary policy and object modules.

Sources: fortiguard.com

SEPTEMBER 29, 2021

Trend Micro

Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5, and ServerProtect for Microsoft Windows / Novell Netware 5.8 all contain a vulnerability someone could exploit to bypass authentication.

Sources: nvd.nist.gov

SEPTEMBER 28, 2021

Hikvision

Hikvision released updates addressing CVE-2021-36260, an injection vulnerability in its cameras that use a web server service, which an attacker could use to take control of a device.

Sources: hikvision.com

VPNs

CISA and the NSA released a cybersecurity information sheet that explains virtual private network (VPN) security risks. It also includes ways to harden VPNs.

Sources: nsa.gov

Dell

Versions 18.x and 19.x of Dell NetWorker have a path traversal vulnerability that would allow an attacker to gain access to unauthorized information.

Sources: dell.com

Nagios XI

Nagios XI before version 5.8.5 incorrectly allows manage_services.sh wildcards.

Sources: nagios.com
