Security News

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service conditions. "A Control Component Library may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell noted in an independent security notification published earlier this February.

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity. On the 5th of each month, Google releases the complete security patch for the Android OS which contains both the framework and the vendor fixes for that month.

Network-attached storage maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands. QNAP promotes its QVR software as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with supported IP cameras.

Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings.

Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it. Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online. Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The most severe of the critical bugs is an unauthenticated remote-code-execution and denial-of-service bug, affecting the Cisco Catalyst 9000 family of wireless controllers.

Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration.The worst of the flaws received the highest severity rating, 10 out of 10; it affects the Cisco Catalyst 9000 Family Wireless Controllers that includes the enterprise-class Catalyst 9800-CL Wireless Controllers for Cloud.

SonicWall has patched a critical security flaw impacting several Secure Mobile Access 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v. There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service condition on vulnerable devices. The most severe of the issues is CVE-2021-34770, which Cisco calls a "Logic error" that occurs during the processing of CAPWAP packets that enable a central wireless Controller to manage a group of wireless access points.