Zoho Devices Face a New Flaw and CISA Releases Several Important Patches
Unpatched Zoho Devices
by Artie Kaye
A proof-of-concept exploit will soon be made public for a vulnerability that was patched last year in many Zoho ManageEngine products. The remote code execution flaw does not require authentication to exploit. As with any security hole that becomes public knowledge, an increase in attacks will follow shortly after. If you are using any of the programs listed in the first link below, patch them as soon as you can.
The flaw is listed as CVE-2022-47966.
CISA Advises Patching Flaws in ICS
by Artie Kaye
CISA has outlined vulnerabilities in various industrial control systems, along with mitigations and solutions. The items below are the companies and their respective devices that can be patched. Due to the high severity of the flaws, patching as soon as possible is recommended.
GE: Proficy Historian
Mitsubishi Electric: MELSEC iQ-F, iQ-R Series
Siemens: SINEC INS; S7-1500 CPU devices; Mendix SAML Module; Automation License Manager; Solid Edge before V2023 MP1
Contec: CONPROSYS HMI System (CHS) (Update A)
Sewio: RTLS Studio
RONDS: Equipment Predictive Maintenance Solution
InHand Networks: InRouter
Panasonic: Sanyo CCTV Network Camera
SAUTER Controls: Nova 200 – 220 Series (PLC 6)
Johnson Controls: Metasys
Hitachi Energy: Lumada APM
Philips: Patient Information Center iX (PIC iX) and Efficia CM Series (Update A)