Nothing’s Headphone 1 look cool, sound good, and give Apple a run for its money.

Timothy Olyphant and Sydney Chandler star in the Noah Hawley FX show, coming August 12.

The new animated show produced by ‘Black Panther’ director Ryan Coogler comes to Disney+ August 27.

You’ll love having your own personal blender at your beck and call for whatever you want to make, anytime.

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.
Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the

Jean Grey and Blade are the latest heroes coming to NetEase’s Marvel team shooter.

Elon Musk bragged about sending the USAID through a “wood chipper” earlier this year.

Get the iRobot Roomba Plus 405 mop and vacuum combo for half off as an Amazon Prime Member.

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v3 9.8
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: FESTO
• Equipment: CODESYS
• Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to block legitimate user connections, crash the application, or authenticate without proper credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

FESTO reports that the following products are affected:

• FESTO CODESYS Gateway Server V2: All versions
• FESTO CODESYS Gateway Server V2: prior to V2.3.9.38

3.2 VULNERABILITY OVERVIEW

3.2.1 PARTIAL STRING COMPARISON CWE-187

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only part of the specified password is being compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

CVE-2022-31802 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

CVE-2022-31803 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.3 MEMORY ALLOCATION WITH EXCESSIVE SIZE VALUE CWE-789

The CODESYS Gateway Server V2 does not verify the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

CVE-2022-31804 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

CERT@VDE coordinated with and supported Festo in the publication of FSA-202406.

4. MITIGATIONS

FESTO recommends users enable password protection at login in case no password is set at the controller. Please note the password configuration file is not covered by the default FFT backup and restore mechanism. The related file must be selected manually.

For more information see the associated Festo SE security advisory FSA-202406: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo PDF or VDE-2024-059: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

• July 1, 2025: Initial Republication of Festo SE & Co. KG FSA-202306

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v3 9.8
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: FESTO Didactic
• Equipment: CP, MPS 200, MPS 400
• Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

FESTO Didactic reports that the following products are affected:

• FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic CP including S7 PLC(All versions): All versions
• FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 200 Systems(All versions): All versions
• FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 400 Systems(All versions): All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

CVE-2020-15782 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

CERT@VDE coordinated with and supported Festo in the publication of FSA-202405.

4. MITIGATIONS

FESTO Didactic has identified the following specific workarounds and mitigations users can apply to reduce risk:

• (Product Group: FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic CP including S7 PLC(All versions), FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 200 Systems(All versions), FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 400 Systems(All versions)), All affected products: Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or or higher

The following product versions have been fixed:

• Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic CP including S7 PLC are fixed versions for CVE-2020-15782
• Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 200 Systems are fixed versions for CVE-2020-15782
• Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 400 Systems are fixed versions for CVE-2020-15782

For more information see the associated Festo SE & Co. KG security advisory FSA-202405 VDE-2024-055: Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• July 1, 2025: Initial Republication of Festo SE & Co. KG FSA-202405