Cisco Releases Security Updates for Multiple Products

09/30/2022 12:17 PM EDT

Original release date: September 30, 2022

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the advisories and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Six Industrial Control Systems Advisories

09/28/2022 12:52 PM EDT

Original release date: September 28, 2022 | Last revised: September 29, 2022

CISA has released six (6) Industrial Control Systems (ICS) advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. 

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:


CISA Releases Three Industrial Control Systems Advisories

09/26/2022 02:16 PM EDT

Original release date: September 26, 2022 | Last revised: September 27, 2022

CISA has released three (3) Industrial Control Systems (ICS) advisories on September 27th, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

• ICSA-22-270-01 Hitachi Energy AFS
• ICSA-22-270-02 Hitachi Energy APM Edge
• ICSA-22-270-03 Rockwell Automation ThinManager ThinServer


ISC Releases Security Advisories for Multiple Versions of BIND 9

09/22/2022 10:30 AM EDT

Original release date: September 22, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.
 
CISA encourages users and administrators to review the following ISC advisories CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, and CVE-2022-38178 and apply the necessary mitigations.


Cisco Releases Security Updates for Multiple Products

07/07/2022 11:00 AM EDT

Original release date: July 7, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

06/22/2022 10:00 AM EDT

Original release date: June 22, 2022

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

CISA has currently released five corresponding Industrial Controls Systems Advisories (ICSAs) to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks from these and other cybersecurity attacks.

CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.


F5 Releases Security Advisories Addressing Multiple Vulnerabilities

05/04/2022 01:02 PM EDT

Original release date: May 4, 2022

F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system.

CISA encourages users and administrators to review the F5 webpage, Overview of F5 vulnerabilities (May 2022), and apply the necessary updates or workarounds.


Cisco Releases Security Updates for Multiple Products

04/21/2022 06:28 AM EDT

Original release date: April 21, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


CISA Releases Security Advisories for Rockwell Automation Products

03/31/2022 01:27 PM EDT

Original release date: March 31, 2022

CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on an affected system.
 
CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to apply the necessary mitigations and detection method.  


ISC Releases Security Advisories for BIND

03/17/2022 01:30 PM EDT

Original release date: March 17, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds.
