Boris Johnson pleads ignorance, which just might work (Security News, July 2023)

CVSS 9.8 - Multiple CVEs: Siemens RUGGEDCOM ROX switches running software versions 2.16.0 or older are packed with vulnerabilities that could allow an attacker to send malformed HTTP packets, achieve a man-in-the-middle (MITM) position and execute arbitrary code.
CVSS 9.8 - Multiple CVEs: Experion's PKS, LX and PlantCruise contain a series of vulnerabilities that could cause DoS or let an attacker elevate permissions and remotely execute code.
CVSS 8.2 - Multiple CVEs: Siemens SIMATIC MV500 series devices contain a series of vulnerabilities that an attacker could use to read memory contents or cause DoS.
CVSS 8.2 - Multiple CVEs: BD Alaris medical pumps and several elements of their software are vulnerable to a bunch of issues that an attacker could use to compromise data, hijack sessions, modify firmware, and otherwise cause serious damage.
Only a single new known exploited vulnerability was added to CISA's database this week: a CVSS 9.8 remote code execution (RCE) vulnerability in Netwrix Auditor server and agent software that could allow an attacker to execute arbitrary code.
The Forum of Incident Response and Security Teams unveiled the fourth iteration of its Common Vulnerability Scoring System this week with promises to "Provide the highest fidelity of vulnerability assessment for both industry and the public."
There are a number of changes in CVSS 4.0, including the removal of the "Scope" concept and its replacement with separate "Vulnerable" and "Subsequent" system impact metrics, vulnerability scoring for software libraries, and allowance for multiple base scores.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/17/infosec_in_brief/