CISA and the Australian Cybersecurity Center (ACSC) released a joint Cybersecurity Advisory (CSA) that explains the top malware strains observed in 2021.

Sources: 2021 Top Malware Strains, CISA

Cisco released security updates for RV Series Routers due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Cisco Security Advisories, CISA

F5 released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: F5 Security Advisory, CISA

The Inductive Automation Ignition contains improper restriction of XML external entity reference that could lead to an attacker gaining file contents.

Sources: Inductive Automation Support, CISA

The Digi International ConnectPort X2D Gateway contains an execution with unnecessary privileges vulnerability that could lead to code execution.

Sources: Digi International Support, CISA

VMware released security updates for VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation due to multiple vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: VMware Advisory, CISA

Delta Electronics DIAEnergie contains path traversal, incorrect default permissions, SQL injection and uncontrolled search path elements that could lead to remote code execution and cause a user to carry out an action unintentionally.

Sources: Delta Electronics, CISA

Delta Electronics DIAEnergie contains multiple vulnerabilities that could lead to an attacker retrieving passwords in cleartext, remotely executing code, causing a user to carry out an action unintentionally or logging in and using the device with administrative privileges.

Sources: Delta Electronics, CISA

Mitsubishi Electric FA Engineering Software Products contain heap-based buffer overflow and improper handling of length parameter inconsistency vulnerabilities that could lead to a denial-of-service condition.

Sources: Mitsubishi Electric software updates, CISA

Mitsubishi Electric Factory Automation Engineering products contain an unquoted search path or element vulnerability that could lead to an attacker gaining unauthorized information, editing information or causing a denial-of-service condition.

Sources: Mitsubishi Electric, CISA, Mitsubishi Electric software updates

Mitsubishi Electric Factory Automation products contain a path traversal vulnerability that could lead to an attacker gaining unauthorized information, tampering with the information or causing a denial-of-service condition.

Sources: Mitsubishi Electric, CISA