RMX Security CERT Global

• お知らせ：システムメンテナンスのお知らせ
  ... read more
• Deploying on the Edge
  Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, ... read more
• Vulnérabilité dans Traefik (28 mai 2025)
  Une vulnérabilité a été découverte dans Traefik. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. ... read more
• Multiples vulnérabilités dans Curl (28 mai 2025)
  De multiples vulnérabilités ont été découvertes dans Curl. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité. ... read more
• Multiples vulnérabilités dans les produits Mozilla (28 mai 2025)
  De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service ... read more
• Multiples vulnérabilités dans Citrix et Xen (28 mai 2025)
  De multiples vulnérabilités ont été découvertes dans Citrix et Xen. Elles permettent à un attaquant de provoquer une élévation de privilèges. ... read more
• Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware
  Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators ... read more
• Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
  Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators ... read more
• A 5-Stage Process for Automated Testing and Delivery of Complex Software Systems
  Managing and maintaining deployments of complex software present engineers with a multitude of challenges including security vulnerabilities. ... read more
• Facing the cyber threat behind the headlines
  NCSC CEO urges all businesses to face the stark reality of the cyber threat they face, whether in the spotlight or not. ... read more
• Vulnérabilité dans Schneider Electric EcoStruxure Power Build Rapsody (21 mai 2025)
  Une vulnérabilité a été découverte dans Schneider Electric EcoStruxure Power Build Rapsody. Elle permet à un attaquant de provoquer une exécution de code arbitraire. ... read more
• Vulnérabilité dans Mitel OpenScapeXpressions (21 mai 2025)
  Une vulnérabilité a été découverte dans Mitel OpenScapeXpressions. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données. ... read more
• CISA Releases Thirteen Industrial Control Systems Advisories
  CISA released thirteen Industrial Control Systems (ICS) advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud ... read more
• Vertiv Liebert RDU101 and UNITY
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertiv Equipment: Liebert RDU101 and Liebert UNITY Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, ... read more
• ABUP IoT Cloud Platform
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable remotely/Low attack complexity Vendor: ABUP Equipment: ABUP Internet of Things (IoT) Cloud Platform Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION ... read more
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: ... read more
• Danfoss AK-SM 8xxA Series
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Danfoss Equipment: AK-SM 8xxA Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could enable ... read more
• Siemens Siveillance Video
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Galaxy VS, Galaxy VL, Galaxy VXL Vulnerability: Missing Authentication for Critical Function 2. ... read more
• National Instruments Circuit Design Suite
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: Circuit Design Suite Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Stack-based Buffer Overflow 2. RISK EVALUATION ... read more
• AutomationDirect MB-Gateway
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this ... read more
• Schneider Electric PrismaSeT Active – Wireless Panel Server
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PrismaSeT Active - Wireless Panel Server Vulnerability: Buffer Copy without Checking Size of ... read more
• Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Assured Telematics Inc. Equipment: Fleet Management System Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized ... read more
• Schneider Electric Modicon Controllers
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers M241/M251/M258/LMC058 Vulnerability: Externally Controlled Reference to a Resource in Another Sphere ... read more
• Multiples vulnérabilités dans les produits Nextcloud (16 mai 2025)
  De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données ... read more
• CISA Adds Three Known Exploited Vulnerabilities to Catalog
  CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.  CVE-2024-12987 DrayTek Vigor Routers OS Command Injection Vulnerability CVE-2025-4664 Google Chromium Loader Insufficient ... read more
• Siemens User Management Component (UMC)
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Schneider Electric EcoStruxure Power Build Rapsody
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of ... read more
• Siemens SIPROTEC and SICAM
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens Mendix OIDC SSO
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens VersiCharge AC Series EV Chargers
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens SCALANCE LPE9403
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens Teamcenter Visualization
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens OZW Web Servers
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens RUGGEDCOM APE1808 Devices
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens RUGGEDCOM ROX II
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens Polarion
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• Siemens IPC RS-828A
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• ECOVACS DEEBOT Vacuum and Base Station
  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: ECOVACS Equipment: DEEBOT Vacuum and Base Station Vulnerabilities: Use of Hard-coded Cryptographic Key, Download of Code ... read more
• Siemens INTRALOG WMS
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ... read more
• +F FS010M vulnerable to OS command injection
  +F FS010M provided by FUJI SOFT INCORPORATED contains an OS command injection vulnerability. ... read more
• How the NCSC thinks about security architecture
  Richard C explains how an understanding of vulnerabilities - and their exploitation - informs how the NCSC assesses the security of computer systems. ... read more
• Multiples vulnérabilités dans Microsoft Windows (12 mars 2025)
  De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et ... read more
• CISA Adds Four Known Exploited Vulnerabilities to Catalog
  CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability CVE-2025-22224 VMware ... read more
• Multiples vulnérabilités dans Google Android (04 mars 2025)
  De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et ... read more
• NCSC For Startups: from HP Labs to Configured Things
  Simon Arnell, co-founder of Configured Things, describes how the NCSC For Startups programme helped the company solve an intelligence community challenge. ... read more
• Detection and Repair: The Cost of Remediation
  This year, we plan on making some exciting updates to the SEI CERT C Coding Standard. This blog post is about one of our ideas for improving the standard. ... read more
• CISA Adds Five Known Exploited Vulnerabilities to Catalog
  CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability CVE-2022-43939 Hitachi Vantara Pentaho BA ... read more
• Improving Machine Learning Test and Evaluation with MLTE
  Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration ... read more