โพสต์ถูกสร้างโดย NCSA

NCSA_THAICERT

Cybersecurity and Infrastructure Security Agency (CISA) ได้เผยแพร่คำแนะนำเกี่ยวกับระบบควบคุมอุตสาหกรรม(ICS) 20 รายการ เมื่อวันที่ 13 มิถุนายน 2567 คำแนะนำเหล่านี้ให้ข้อมูลที่ทันท่วงทีเกี่ยวกับปัญหาด้านความปลอดภัยช่องโหว่ และช่องโหว่ที่อยู่รอบ ๆ ICS ในปัจจุบัน มีดังต่อไปนี้

ICSA-24-165-01 Siemens Mendix Applications
ICSA-24-165-02 Siemens SIMATIC S7-200 SMART Devices
ICSA-24-165-03 Siemens TIA Administrator
ICSA-24-165-04 Siemens ST7 ScadaConnect
ICSA-24-165-05 Siemens SITOP UPS1600
ICSA-24-165-06 Siemens TIM 1531 IRC
ICSA-24-165-07 Siemens PowerSys
ICSA-24-165-08 Siemens Teamcenter Visualization and JT2Go
ICSA-24-165-09 Siemens SICAM AK3/BC/TM
ICSA-24-165-10 Siemens SIMATIC and SIPLUS
ICSA-24-165-11 Siemens SCALANCE XM-400, XR-500
ICSA-24-165-12 Siemens SCALANCE W700
ICSA-24-165-13 Siemens SINEC Traffic Analyzer
ICSA-24-165-14 Fuji Electric Tellus Lite V-Simulator
ICSA-24-165-16 Rockwell Automation FactoryTalk View SE
ICSA-24-165-17 Rockwell Automation FactoryTalk View SE
ICSA-24-165-18 Rockwell Automation FactoryTalk View SE
ICSA-24-165-19 Motorola Solutions Vigilant License Plate Readers
ICSA-24-074-14 Mitsubishi Electric MELSEC-Q/L Series (Update B)
ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update G)

ทั้งนี้ CISA สนับสนุนให้ผู้ใช้และผู้ดูแลระบบตรวจสอบคำแนะนำ ICS ที่เผยแพร่ใหม่สำหรับรายละเอียดทางเทคนิคและการบรรเทาผลกระทบ รายละเอียดเพิ่มเติมที่ https://www.cisa.gov/news-events/alerts/2024/06/13/cisa-releases-twenty-industrial-control-systems-advisories

อ้างอิง
https://www.cisa.gov/news-events/alerts/2024/06/13/cisa-releases-twenty-industrial-control-systems-advisories

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

Microsoft has unveiled a new cybersecurity program to support hospitals serving more than 60 million people living in rural America. In 2023, the healthcare sector reported more ransomware attacks than any other critical infrastructure sector and attacks involving ransomware against the healthcare sector were up nearly 130%. Cybersecurity attacks disrupt health care operations across the country and pose a direct threat to patient care and essential operations of hospitals. In rural communities these attacks can be devastating, particularly to smaller, independent Critical Access and Rural Emergency hospitals with limited means to prevent and remediate security risks and often the only healthcare option for many miles in the communities they serve. According to the National Rural Health Association, rural health clinics are one of the top targets for cyberattacks. The new Microsoft Cybersecurity Program for Rural Hospitals is designed to support the unique cybersecurity needs of these organizations. It will deliver free and low-cost technology services for these hospitals, along with free training and support. “Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S.,” said Justin Spelhaug, corporate VP, Microsoft Philanthropies. “Microsoft is committed to delivering vital technology security and support at a time when these rural hospitals need them most.” For independent Critical Access Hospitals and Rural Emergency Hospitals, Microsoft will provide nonprofit pricing and discounts for its security products optimized for smaller organizations, providing up to a 75% discount. And for some larger rural hospitals already using eligible Microsoft solutions, the company will provide its most advanced security suite at no cost for one year. As part of the new program, the company also provides Windows 10 security updates to participating rural hospitals for at least one year at no additional cost. Microsoft will also provide free cybersecurity assessments through Microsoft and its trusted partners to evaluate risks and gaps and offer free cybersecurity training to staff in rural hospitals to help them better manage the day-to-day security of their systems.

ที่มาแหล่งข่าว
https://www.helpnetsecurity.com/2024/06/12/microsoft-launches-cybersecurity-program-to-tackle-attacks-protect-rural-hospitals/

NCSA_THAICERT

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. With a metropolitan area population of over 2 million people, Cleveland is a vital healthcare, manufacturing, finance, logistics, education, and technological hub and the most significant economic center in Ohio. The disruption was first disclosed yesterday when the City's authorities warned that public services were reduced to essential operations due to a cyber incident. A status update provided earlier today via a thread on X explains that the incident is still being investigated with the help of third-party experts. At the same time, the City Hall and Erieview will remain closed for a second day. The investigation so far has confirmed that taxpayer information held by the CAA and custom information held by public utility services was not accessed by the hackers. The update also notes that essential services concerning emergency services (911, police, fire), works, utilities, healthcare (EMS), and airport travel (Cleveland Hopkins and Burke Lakefront) have not been impacted by the cyber incident. The City's authorities promised to provide updates as soon as the ongoing investigation produced results, and concerned citizens are advised to call 311 for more information. At the time of writing, no ransomware groups have claimed responsibility for the attack on the City of Cleveland, and it is unclear what exactly has happened. Local media reported that Mayor Justin Bibb referred to the incident as a breach, while the City's IT commissioner, Kim Roy Wilson, stated that they had detected abnormal activity in the City's IT environment. Wilson told the media that it's essential to withhold details at this point so as not to risk hampering the ongoing investigation. The commissioner also stated that citizens needing critical documents or other services from impacted departments must be patient.

ที่มาแหล่งข่าว
https://www.bleepingcomputer.com/news/security/london-hospitals-face-blood-shortage-after-synnovis-ransomware-attack/

NCSA_THAICERT

Industrial Sector

ICS Patch Tuesday: Advisories Published By Siemens, Schneider Electric, Aveva, CISA
"Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their industrial and OT products."
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-schneider-electric-aveva-cisa/
NIST Publishes Draft OT Cybersecurity Guide For Water Sector
"Networked control systems in municipal water systems are inescapable even for the localities that would prefer otherwise. New equipment with default remote access and an over-stretched repair workforce mean cutting off municipal water systems from the internet isn't a real option."
https://www.bankinfosecurity.com/nist-publishes-draft-ot-cybersecurity-guide-for-water-sector-a-25505
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/securing-water-and-wastewater-utilities-project-description-final.pdf
Rockwell's ICS Directive Comes As Critical Infrastructure Risk Peaks
"Citing "heightened geopolitical tensions and adversarial cyber activity globally," industrial control systems (ICS) giant Rockwell Automation last month took the unusual step of telling its customers to disconnect their gear from the Internet. The move showcases not just growing cyber risk to critical infrastructure, but the unique challenges that security teams face in the sector, experts say."
https://www.darkreading.com/ics-ot-security/rockwell-ics-directive-critical-infrastructure-risk-peaks

Vulnerabilities

Google Warns Of Actively Exploited Pixel Firmware Zero-Day
"Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue. "There are indications that CVE-2024-32896 may be under limited, targeted exploitation," the company warned this Tuesday."
https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
https://www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/
Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities
"Google and Mozilla on Tuesday announced the release of Chrome 126 and Firefox 127 to the stable channel with patches for multiple high-severity memory safety vulnerabilities. Chrome 126 includes 21 security fixes, including 18 for defects reported by external researchers. The reporting researchers, Google notes in its advisory, received over $160,000 in bug bounty rewards for their findings."
https://www.securityweek.com/chrome-126-firefox-127-patch-high-severity-vulnerabilities/
CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability
CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/06/12/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://securityaffairs.com/164488/hacking/cisa-adds-arm-mali-gpu-kernel-driver-php-bugs-to-its-known-exploited-vulnerabilities-catalog.html

Malware

Attacks Against Linux SSH Services Detected By AhnLab EDR
"Secure SHell (SSH) is a standard protocol for secure terminal connections and is generally used for controlling remote Linux systems. Unlike Windows OS that individual users use for desktops, Linux systems mainly fulfill the role of servers providing web, database, FTP, DNS, and other services. Of course, Windows also supports these services as a server."
https://asec.ahnlab.com/en/66695/
Bondnet Using Miner Bots As C2
"Bondnet first became known to the public in an analysis report published by GuardiCore in 20171 and Bondnet’s backdoor was covered in an analysis report on XMRig miner targeting SQL servers released by DFIR Report in 20222. There has not been any information on the Bondnet threat actor’s activities thereon, but it was confirmed that they had continued their attacks until recent times."
https://asec.ahnlab.com/en/66662/
Phone Scammers Impersonating CISA Employees
"Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret."
https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees
https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/
https://www.bankinfosecurity.com/fraudsters-impersonate-cisa-in-money-scams-a-25501
New Phishing Toolkit Uses PWAs To Steal Login Credentials
"A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application. Once installed, the operating system will create a PWA shortcut and add it to Add or Remove Programs in Windows and under the /Users//Applications/ folder in macOS."
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/
Ransomware Attackers May Have Used Privilege Escalation Vulnerability As Zero-Day
"The Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware, may have been exploiting a recently patched Windows privilege escalation vulnerability as a zero-day. The vulnerability (CVE-2024-26169) occurs in the Windows Error Reporting Service. If exploited on affected systems, it can permit an attacker to elevate their privileges. The vulnerability was patched on March 12, 2024, and, at the time, Microsoft said there was no evidence of its exploitation in the wild. However, analysis of an exploit tool deployed in recent attacks revealed evidence that it could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day."
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html
https://therecord.media/black-basta-ransomware-zero-day-windows
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-windows-zero-day-attacks/
https://www.securityweek.com/ransomware-group-may-have-exploited-windows-vulnerability-as-zero-day/
https://www.theregister.com/2024/06/12/black_basta_ransomware_windows/
Search & Spoof: Abuse Of Windows Search To Redirect To Malware
"Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a sophisticated understanding of system vulnerabilities and user behaviors. Let’s break down the HTML and the Windows search code to better understand their roles in the attack chain."
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/search-spoof-abuse-of-windows-search-to-redirect-to-malware/
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/
The Evolution Of QR Code Phishing: ASCII-Based QR Codes
"Quishing—QR code phishing—is a rapidly evolving threat. Starting around August, when we saw the first rapid increase, we’ve also seen a change in the type of QR code attacks. It started with standard MFA authentication requests. It then evolved to conditional routing and custom targeting. Now, we’re seeing another evolution, into the manipulation of QR codes."
https://blog.checkpoint.com/harmony-email/the-evolution-of-qr-code-phishing-ascii-based-qr-codes/
STR RAT – Phishing Malware Baseline
"STR RAT is a remote access trojan (RAT) written in Java that was first seen in 2020. Like other RATs, it gives threat actors full control when it is successfully installed onto a machine. STR RAT is capable of keylogging, stealing credentials, and even delivering additional malicious payloads. The malware receives a version update every year, on average. These updates correlate with the renewed use of STR RAT by threat actors. Currently, 60% of the STR RAT samples that Cofense analyzed from January 2023 to April 2024 are delivered directly to the email as opposed to an embedded link."
https://cofense.com/blog/str-rat-phishing-malware-baseline/
Worldwide Web: An Analysis Of Tactics And Techniques Attributed To Scattered Spider
"In early 2024, we identified a current affiliate of the RansomHub RaaS group as a former Alphv/Black Cat affiliate. We assess with high confidence that the same affiliate is a present or former affiliate of the Scattered Spider threat group, also tracked as UNC3944, Muddled Libra, Octo Tempest, Scatter Swine, and Starfraud. Our high-confidence assessment is based on the following pieces of evidence observed by GuidePoint’s DFIR and GRIT practices:"
https://www.guidepointsecurity.com/blog/worldwide-web-an-analysis-of-tactics-and-techniques-attributed-to-scattered-spider/
https://www.darkreading.com/threat-intelligence/ransomhub-brings-scattered-spider-into-its-raas-fold
https://www.infosecurity-magazine.com/news/scattered-spider-affiliated/
Self-Replicating Morris II Worm Targets AI Email Assistants
"The proliferation of generative artificial intelligence (GenAI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in GenAI systems to orchestrate sophisticated cyberattacks with far-reaching consequences. Recent studies have uncovered the insidious capabilities of self-replicating malware, exemplified by the “Morris II” strain created by researchers."
https://securityintelligence.com/posts/morris-ii-self-replicating-malware-genai-email-assistants/
Pause Off My Cluster: DERO Cryptojacking Takes a New Shape
"We have detected a new variant of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters in our customers’ cloud environments. In this incident, the threat actor abused anonymous access to an Internet-facing cluster to launch malicious container images hosted at Docker Hub, some of which have more than 10,000 pulls. These docker images contain a UPX-packed DERO miner named "pause"."
https://www.wiz.io/blog/dero-cryptojacking-campaign-adapts-to-evade-detection
https://thehackernews.com/2024/06/cryptojacking-campaign-targets.html

Breaches/Hacks/Leaks

Life360 Says Hacker Tried To Extort Them After Tile Data Breach
"Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to more than 66 million members worldwide. In December 2021, it acquired Bluetooth tracking service provider Tile in a $205 million deal."
https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/
https://www.theregister.com/2024/06/13/tile_life360_extortion/
Toronto School Board Reports Ransomware Attack On Test Environment
"Hackers attempted to attack a technology testing environment used by the Toronto District School Board (TDSB) with ransomware, officials said Wednesday. The school board is the largest in Canada and manages 582 schools for about 235,000 students."
https://therecord.media/toronto-school-board-ransomware-attack

General News

Forced-Labor Camps Fuel Billions Of Dollars In Cyber Scams
"Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide."
https://www.darkreading.com/cyber-risk/forced-labor-camps-fuel-billions-of-dollars-in-cyber-scams
Open-Source Security In AI
"New AI products are coming onto the market faster than we have seen in any previous technology revolution. Companies’ free access and right to use open source in AI software models has allowed them to prototype an AI product to market cheaper than ever and at hypersonic speed."
https://www.helpnetsecurity.com/2024/06/12/ai-open-source-security/
Security And Privacy Strategies For CISOs In a Mobile-First World
"In this Help Net Security interview, Jim Dolce, CEO at Lookout, discusses securing mobile devices to mitigate escalating cloud threats. He emphasizes that organizations must shift their approach to data security, acknowledging the complexities introduced by mobile access to cloud-based corporate data."
https://www.helpnetsecurity.com/2024/06/12/jim-dolce-lookout-securing-mobile-devices/
Police Arrest Conti And LockBit Ransomware Crypter Specialist
"The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. The investigation was backed by information shared by the Dutch police who responded to a ransomware attack on a Dutch multinational, followed by data-theft extortion."
https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/
https://therecord.media/ukraine-suspected-lockbit-conti-affiliate
https://www.darkreading.com/cyberattacks-data-breaches/lockbit-and-conti-ransomware-hacker-busted-in-ukraine
https://securityaffairs.com/164475/breaking-news/developer-crypter-conti-lockbit-ransomware.html
Mass Exploitation: The Vulnerable Edge Of Enterprise Security
"The cyber threat landscape in 2023 and so far 2024 has been dominated by mass exploitation. Previous WithSecure reporting on the professionalization of cybercrime noted the growing importance of mass exploitation as an infection vector, but the volume and severity of this vector have now truly exploded. Several recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents, and there has been a rapid tempo of security incidents caused by mass exploitation of vulnerable software including, but not limited to: MOVEit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect."
https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security
https://www.infosecurity-magazine.com/news/withsecure-exploitation-edge/
70% Of Cybersecurity Pros Often Work Weekends, 64% Looking For New Jobs
"Over 70% of cybersecurity professionals often have to work weekends to address security concerns at their organization, according to a new report by Bitdefender. This intense workload appears to correlate strongly with job dissatisfaction, with around two-thirds (64%) of the 1200 cyber professionals surveyed stating that they are planning on looking for a new job in the next 12 months."
https://www.infosecurity-magazine.com/news/cyber-pros-weekends-new-jobs/
Lessons From The Ticketmaster-Snowflake Breach
"Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company's clientele, igniting a firestorm of concern and outrage."
https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html
White House Report Dishes Deets On All 11 Major Government Breaches From 2023
"The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year (YoY) in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government. Of the total number of incidents, the majority (38 percent) were classed as "improper usage," meaning a system was used in a way that violated the agency's acceptable use policies. The report stated that agencies have the capability to detect when security policies are being violated, but not the ability to prevent it from actually happening."
https://www.theregister.com/2024/06/12/white_house_report/
https://www.whitehouse.gov/wp-content/uploads/2024/06/FY23-FISMA-Report.pdf

อ้างอิง
Electronic Transactions Development Agency(ETDA)

NCSA_THAICERT

Cyber Security Agency of Singapore (CSA)ได้เผยแพร่เกี่ยวกับ Google ที่มีการอัปเดตเพื่อแก้ไขช่องโหว่ที่มีความรุนแรงสูง ที่หมายเลขช่องโหว่ CVE-2024-32896 ที่ส่งผลต่อผลิตภัณฑ์ Pixel มีรายงานว่าช่องโหว่ดังกล่าวถูกนำไปใช้ประโยชน์อย่างแข็งขัน

การใช้ประโยชน์จากช่องโหว่ที่ประสบความสำเร็จอาจทำให้ผู้โจมตีที่ไม่ได้รับอนุญาตสามารถดำเนินการยกระดับสิทธิ์ได้

ช่องโหว่นี้ส่งผลต่อผลิตภัณฑ์ Pixel ที่รองรับทั้งหมด

ผู้ใช้งานผลิตภัณฑ์ที่ได้รับผลกระทบควรอัปเดตเป็นเวอร์ชันล่าสุดทันที
หากต้องการใช้การอัปเดตความปลอดภัย ผู้ใช้งาน Pixel ควรไปที่ การตั้งค่า > ความปลอดภัยและความเป็นส่วนตัว > ระบบและการอัปเดต > การอัปเดตความปลอดภัยแตะ ติดตั้งและรีสตาร์ทอุปกรณ์เพื่อดำเนินการอัปเดตให้เสร็จสิ้น

อ้างอิง
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-070

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

กลุ่ม TellYouThePass Ransomware ได้ใช้ประโยชน์จากช่องโหว่ P.png

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

แฮกเกอร์จีนเจาะระบบ FortiGate ทั่วโลก มากกว่า 20,000 .png
สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

โรงพยาบาลในลอนดอนประสบปัญหาการขาดแคลนเล.png

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

ตำรวจอังกฤษจับกุมชายสองคนในข้อหาส่ง SMS ฟิช.png

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

NCSA_THAICERT

Healthcare Sector

MicroDicom DICOM Viewer
"Successful exploitation of these vulnerabilities could allow an attacker to both retrieve and plant medical image files on a victim's system and cause a stack-based buffer overflow, which could result in sensitive information disclosure and arbitrary code execution."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-163-01

Industrial Sector

Intrado 911 Emergency Gateway
"Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04
Rockwell Automation ControlLogix, GuardLogix, And CompactLogix
"Successful exploitation of this vulnerability could compromise the availability of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-01
AVEVA PI Web API
"Successful exploitation of this vulnerability could allow an attacker to perform remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02
AVEVA PI Asset Framework Client
"Successful exploitation of this vulnerability could allow malicious code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03