One Article Review
| Source |  Cyble |
|---|---|
| Identifiant | 8648991 |
| Date de publication | 2025-02-19 12:18:54 (vue: 2025-02-19 13:08:07) |
| Titre | CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog |
| Texte | 
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks.
ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A)
Delta Electronics\' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows:
Stack-based Buffer Overflow (CVE-2024-39880)
Out-of-bounds Write (CVE-2024-39881)
Out-of-bounds Read (CVE-2024-39882)
Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858)
|
| Notes | ★★ |
| Envoyé | Oui |
| Condensat | the 0108: 0108 011 013 014 017 01: 01 02: 02 035 1024x512 12858 191 2024 2025 22880 24478 300x150 39880 39881 39882 39883 53704: 53704 5380 5580 access acting actions added addition address addressed addresses adds administrators advanced advises advisories advisories/icsa advisories affected affecting affects agency all allow allows along also alto announced another apply arbitrary are assigned associated attacker attackers authentication automation availability avoiding based been behind best better bounds breaches buffer businesses bypass can caption= carry catalog catalog catalog cause causing cip cisa cncsoft code com/wp compact components compromising concerns conclusion condition conditions confidentiality content/uploads/2025/02/vulnerabilities context control controls corruption could critical cve cvss cyberattacks cybercriminals cybersecurity cyble data delta denial detailing detection disrupt does dos earlier electronics enables encouraged enhances events/alerts/2025/02/18/cisa events/ics exceptional execute execution exists exploitation exploited faults features february file= firewalls flaw flaws follow following follows: found from gain gov/news guardlogix handling hard has have heap helps high higher highlight hmi https://cyble https://www human ics icsa id=cve identified image impact: improper include including indicating industrial infrastructure integrating integrity interface internal internet issues its jeopardizing jpg kev known large later latest lead leveraging like links machine major malicious management manufacturing mechanisms medium memory mitigate mitigation: more multiple must necessary need network networks new non not object older operations org/cverecord organizations out overflow overflows overview palo pan patched patches placing pose potentially practices privileged process processes products protect protected published range read recommends reduce references reflecting related releases rely remote requests restrict restricting risk risks robust rockwell run score sectors secure security send service severity sil software solutions sonicos sonicwall specific sslvpn stack stay subject successful such supplied system systems take targeting task thereby these threat threats title= tools trusted two unauthenticated unauthorized untrusted update updated updates updating upgrade urgent used user users using v33 v34 v35 v36 validation version versions vision vital vulnerabilities vulnerability vulnerability web well which widely working write writes |
| Tags | Tool Vulnerability Threat Industrial |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.