CISA released three Industrial Control Systems (ICS) advisories on March 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-065-01 Hitachi Energy PCU400 ICSA-25-065-02 Hitachi Energy Relion 670/650/SAM600-IO ICSA-25-037-02 Schneider Electric EcoStruxure (Update A) CISA encourages users and…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability…
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability CVE-2018-8639 Microsoft Windows…
CISA released two Industrial Control Systems (ICS) advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patient Monitor (Update A) CISA encourages users and administrators to…
CISA released two Industrial Control Systems (ICS) advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers ICSMA-25-058-01 Dario Health USB-C Blood Glucose Monitoring System…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23209 Craft CMS Code Injection Vulnerability CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise….
