This vulnerability, tracked as CVE-2024-48510, has a CVSS v4 score of 9.3. Siemens has released updates for SiPass Integrated and recommends users upgrade to versions V2.90.3.19 or V2.95.3.15 and later. This vulnerability, identified as CVE-2025-1265, has a CVSS v4 score of 9.4. Users are advised to update their systems to version 3.2.3.19 or later to mitigate the risk. This flaw, assigned CVE-2025-0352, allows attackers to manipulate API requests and access other users’ information with a CVSS v4 score of 8.7. The vendor has patched this issue on their end, requiring no user action. These advisories highlight critical vulnerabilities in ICS products from major vendors such ABB, Carrier, Siemens and Mitsubishi Electric, providing technical details, potential risks, and recommended mitigations to safeguard critical infrastructure. With a CVSS v4 score of 5.7, Medixant advises users to download version 2025.1 or later for enhanced security. This flaw, with a CVSS v4 severity score of 9.3, could allow unauthorized access to the affected systems. These vulnerabilities collectively have a maximum CVSS v4 score of 10.0 and could enable remote code execution, unauthorized HTTPS requests, and sensitive data exposure. This flaw, tracked as CVE–2024–7316, has a CVSS v4 score of 8.2 and could disrupt operations in numerical control systems (CNC). CISA encourages organizations using these products to review the technical details provided and implement recommended mitigations promptly to protect their systems from potential exploitation. This vulnerability (CVE–2025–1001) could allow attackers to alter network traffic and conduct machine-in-the-middle (MITM) attacks due to the failure of the update mechanism to verify server certificates properly. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Feb 2025 07:50:14 +0000