Critical Vulnerabilities in Veeam Backup & Replication
06 September 2024 On 04 September 2024, Veeam published several, in parts critical vulnerabilities related to their Veeam Backup & Replication data backup solution. All Veeam Backup & Replication versions <= 12.1.2.172 are affected. The security gaps have been closed with the current version 12.2.0.334 of Veeam Backup & Replication. For further details, please refer […]
Continue reading VIVAVIS – HIGH-LEIT RCE Vulnerability CVE-2024-38456
2024-09-02 In the course of a penetration test, Schutzwerk GmbH have discovered an RCE vulnerability in the HIGH-LEIT SCADA system from VIVAVIS. This vulnerability enables logged-on, non-privileged users of HIGH-LEIT to execute any given code with local system rights. To exploit this vulnerability, the “HL-InstallService” Windows service must be actively running. The following HIGH-LEIT versions […]
Continue reading RDL vulnerability in Microsoft Server closed – CVE-2024-38077
On 9th August 2024, a vulnerability was published in the ‘Remote Desktop Licensing’ role service that allows unauthenticated attackers to remotely execute arbitrary code in the context of the service using a buffer overflow. Microsoft closed the vulnerability on Patchday July 2024 and rated the vulnerability as ‘high’ (CVSS score 9.8), but considers exploitation to […]
Continue reading Warning about Microsoft security updates May 2024
May 17, 2024 On May 14, 2024, Microsoft rolled out the security update KB5037765 for Windows Server 2019 and Windows 10 as part of the monthly patchday. The security updates from the May Patchday fail on many “Windows Server 2019” systems with error number “0x800f0982”. There are also reports of installation errors for the KB5037765 […]
Continue reading Cisco – Several vulnerabilities in ASA und Firepower FTD Software
2024-04-25 Cisco published the following three vulnerabilities for the Cisco Adaptive Security Appliance (ASA) software and the Cisco Firepower Threat Defense (FTD) software on 24.04.2024: – CVE-2024-20359 / CVSS: 6.0 – CVE-2024-20353 / CVSS: 8.6 – CVE-2024-20358 / CVSS: 6.0 Cisco has confirmed that the vulnerabilities CVE-2024-20359 and CVE-2024-20353 are already being exploited and strongly […]
Continue reading Backdoor in upstream xz/liblzma in various LINUX/SOLARIS distributions – CVE-2024-3094
2024-02-04 In the upstream of the pack program “xz”, concerning the library “liblzma” in versions 5.6.x, a high-risk vulnerability has been actively introduced, which is used in various LINUX/SOLARIS distributions. This allows the authentication function of OpenSSH to be specifically forwarded to malicious code and enables direct access to the system. Our checks have shown […]
Continue reading Paessler closes XSS vulnerability in PRTG – CVE-2023-51630 – Correction
2024-01-16 Paessler has closed the high-risk vulnerability CVE-2023-51630 in the network monitoring solution PRTG. The XSS vulnerability allows a remote attacker to bypass authentication and take over the session of an active user. Paessler has closed the vulnerability with the new PRTG version 24.1.90.1306 and published further details on https://www.paessler.com/prtg/history/stable. Although the vulnerability can only […]
Continue reading Paessler closes XSS vulnerability in PRTG – CVE-2023-51630
2024-01-16 Paessler has closed the high-risk vulnerability CVE-2023-51630 in the network monitoring solution PRTG. The XSS vulnerability allows a remote attacker to bypass authentication and take over the session of an active user. Paessler has closed the vulnerability with the new PRTG version 23.4.90.1299 and published further details on https://www.paessler.com/prtg/history/stable. Although the vulnerability can only […]
Continue reading Critical vulnerability fixed in Trend Micro Worry-Free Business Security
2023-09-21 Trend Micro has fixed the critical vulnerability CVE-2023-41179 in their Worry-Free Business Security solution and provides patch 2495 for version 10.0 SP1. Trend Micro publishes further details in this security bulletin. The Trend Micro Worry-Free Business Security instances delivered by VIVAVIS are operated in a secure network segment that is largely separated from the […]
Continue reading Meinberg fixes several vulnerabilities in LANTIME Firmware – MBGSA-2023.04
2023-08-17 Meinberg has released a new firmware version for the LANTIME M and LANTIME IMS series NTP time servers to close several vulnerabilities. Two of the 12 vulnerabilities are rated with a severity level high. The latest version is 7.08.002. For more information on vulnerabilities CVE-2023-2650, CVE-2023-29491, CVE-2023-28322, CVE-2023-28321, CVE-2023-28320, CVE-2023-28319, CVE-2023-1667, CVE-2023-2283, CVE-2023-0361, and […]
Continue reading Meinberg fixes several Vulnerabilities in LANTIME Firmware – MBGSA-2023.02b
23/03/2023 Update Security Advisory MBGSA-2023.02 has been updated by the vendor. Another not yet CVE-registered vulnerability was closed in the LTOS web interface. Since the vulnerability can only be exploited by privileged super users, Meinberg rates the severity as low, but recommends an update to firmware version 7.06.013, see updated Meinberg Advisory. 14/03/2023 Meinberg have […]
Continue reading Network topology and geospatial network visualization as major enhancements to an existing system – Learn more about the story behind
Netze BW GmbH, located in Stuttgart, Germany, operates the gas supply of the whole region Mittlerer Neckar. The overall length of the network is 6000km and comprises all pressure levels from high pressure (3 to 60 bar) to low pressure. The gas network of EnBW supplies gas to 240 municipalities and communities as well as […]
Continue reading
