Sunday, November 24, 2024
Cybersecurity

Zoho Devices Face a New Flaw and CISA Releases Several Important Patches

Unpatched Zoho Devices

by Artie Kaye

A proof-of-concept exploit will soon be made public for a vulnerability that was patched last year in many Zoho ManageEngine products. The remote code execution flaw can be exploited without authentication. As with all instances of security holes being made known to the public, an increase in attacks will follow shortly after. If you are using any of the programs listed in the first link below, patch them as soon as possible.

The flaw is listed as CVE-2022-47966.

Third-Party references:



CISA Advises Patching Flaws in ICS

by Artie Kaye

CISA has outlined vulnerabilities in various industrial control systems, along with mitigations and solutions. Listed below are the companies and their respective devices that can be patched. Due to the high severity of the flaws, patching as soon as possible is recommended.

GE
Proficy Historian

Mitsubishi Electric
MELSEC iQ-F, iQ-R Series

Siemens
SINEC INS
S7-1500 CPU devices
Mendix SAML Module
Automation License Manager
Solid Edge before V2023 MP1

Contec
CONPROSYS HMI System (CHS) (Update A)

Sewio
RTLS Studio

RONDS
Equipment Predictive Maintenance Solution

InHand Networks
InRouter

Panasonic
Sanyo CCTV Network Camera

SAUTER Controls
Nova 200 – 220 Series (PLC 6)

Johnson Controls
Metasys

Hitachi Energy
Lumada APM

Philips
Patient Information Center iX (PIC iX) and Efficia CM Series (Update A)

Third-Party references:
