These advisories, published on April 22, 2025, provide detailed information on security flaws, associated Common Vulnerabilities and Exposures (CVEs), and recommended mitigations for affected organizations.
This advisory identifies multiple SQL injection vulnerabilities in Siemens TeleControl Server Basic SQL, exposing systems to unauthorized database access and potential code execution.
The vulnerabilities are present in several internal methods, including CreateTrace CVE-2025-27495 (CVSS v3.1: 9.8), VerifyUser CVE-2025-27539 (CVSS v3.1: 9.8), UpdateConnectionVariables CVE-2025-30002 (CVSS v3.1: 8.8), ImportDatabase CVE-2025-30030 (CVSS v3.1: 8.8), and LockProject CVE-2025-32822 (CVSS v3.1: 8.8).
Each vulnerability allows attackers to bypass authorization controls and manipulate the application’s database.
A separate advisory for Siemens TeleControl Server Basic highlights a vulnerability CVE-2025-29931 (CVSS v3.1: 3.7) related to improper handling of length parameter inconsistency.
This flaw can result in a partial denial-of-service (DoS) condition if exploited in redundant server setups where the connection between servers is disrupted.
This advisory details an information exposure vulnerability CVE-2024-6407 (CVSS v3.1: 9.8) in the Wiser Home Controller WHC-5918A.
Exploitation could allow remote attackers to disclose sensitive credentials by sending specially crafted messages to the device.
ABB MV Drives are affected by a series of vulnerabilities in the CODESYS Runtime System, including improper restriction of operations within memory buffers, improper input validation, and out-of-bounds write conditions.
These vulnerabilities could allow attackers to gain full access or cause a denial-of-service.
This advisory, updated in April, addresses an incorrect calculation of buffer size vulnerability tracked as CVE-2024-11425 (CVSS v3.1: 7.5) in Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC devices. Exploitation could result in denial-of-service via crafted HTTPS packets.
These vulnerabilities could allow attackers to slip maliciously crafted packets through unpatched firmware, potentially disrupting critical automation processes in manufacturing, energy, and transportation sectors.
CISA emphasizes several key recommendations for organizations utilizing affected systems:
Organizations utilizing any of the affected components should prioritize security updates according to their risk assessment protocols and implement recommended mitigations without delay.
The post CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits appeared first on Cyber Security News.
The post HPA Tech Retreat Honors First Class Of Expanded Awards Program Winners appeared first…
The post Meta To Create New Applied AI Engineering Organization appeared first on TV News…
DHD, a provider of digital audio studio equipment for broadcasters and media organizations, is expanding…
Griffin Media’s flagship stations, KWTV Oklahoma City and KOTV Tulsa, Okla., have transformed their news…
Marshall Electronics, a provider of high-quality and reliable video, audio and multimedia systems for broadcast,…
The Lord of the Rings set for Magic: The Gathering feels like a distant memory,…
This website uses cookies.