Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.
Over a Dozen Flaws Found in Siemens’ Industrial Network Management System
Cybersecurity researchers have disclosed details of 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems, reports The Hacker News.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
15 vulnerabilities have been discovered in the Siemens SINEC network management system. Several of these vulnerabilities could be used to gain code execution on a vulnerable system. The vulnerabilities in question are tracked as CVE-2021-33722 through CVE-2021-33736. Siemens has provided an update for vulnerable systems: version V1.0 SP2 Update 1 was released on October 12, 2021.
Cisco will not address critical RCE in end-of-life Small Business RV routers
Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers, notes Security Affairs. Instead, the company encourages upgrading to newer models.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Certain Cisco Small Business RV routers are subject to a code execution/denial-of-service vulnerability. This vulnerability requires that remote management is enabled on WAN connections. It exists because of improper validation of user input. An attacker could potentially execute code or cause denial-of-service conditions. Successful code execution provides an attacker with root-level privileges.
WordPress Updates Millions of Sites to Patch a Critical Vulnerability Affecting the Ninja Forms Plugin
Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Andrew Swoboda. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-news/vert-cybersecurity-news-june-20-2022/