Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices. One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities…

Tracked as CVE-20220-29972, the security hole was identified in the third-party Open Database Connectivity (ODBC) data connector used in Integration Runtime (IR) in the affected Azure services to connect to Amazon Redshift. A remote attacker could have exploited the flaw to execute arbitrary commands across the IR infrastructure, impacting multiple tenants, the tech giant explains….

AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. On Friday, the company announced that it fell victim to a ransomware attack that impacted some production facilities. AGCO says it has launched an investigation into the incident and estimates that it might…

The vulnerabilities were disclosed at the Zero Day Initiative’s Pwn2Own Austin contest in November 2021, where participants earned more than $1 million for hacking routers, printers, smart spears, smartphones and network-attached storage (NAS) devices. The NAS exploits at Pwn2Own targeted WD devices, and they earned participants roughly $500,000. It turns out that at least half…

The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request. Many versions of Jira are affected, but the vendor noted that…

Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…

Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable…