All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.

Over a Dozen Flaws Found in Siemens’ Industrial Network Management System

Cybersecurity researchers have disclosed details of 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems, reports The Hacker News.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

15 vulnerabilities have been discovered in the Siemens SINEC network management system. Several of these vulnerabilities could be used to gain code execution on a vulnerable system. The vulnerabilities in question are tracked as CVE-2021-33722 through CVE-2021-33736. Siemens has provided an update for vulnerable systems; version V1.0 SP2 Update 1 was released on October 12, 2021.


Cisco will not address critical RCE in end-of-life Small Business RV routers

Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers, notes Security Affairs. Instead, the company encourages upgrading to newer models.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Certain Cisco Small Business RV routers are subject to a code execution/denial-of-service vulnerability. This vulnerability requires that remote management is enabled on WAN connections. This vulnerability exists because of improper validation of user input. An attacker could potentially execute code or cause denial-of-service conditions. Successful code execution provides an attacker with root-level privileges.


WordPress Updates Millions of Sites to Patch a Critical Vulnerability Affecting the Ninja Forms Plugin

Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a ...