The billionaire has a history of manipulating X to fit his far-right worldview.

The first royal tomb discovered in over a century is shedding new light on the pharaoh who ruled before Hatshepsut.

It’s still learning to hate Elon Musk.

5 cameras, 2-year battery, 1 low price—Blink Outdoor 4 Security Cam (5-pack) is now $200.

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.3
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: ABB
• Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series
• Vulnerability: Use of Hard-coded Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ABB reports the following products are affected:

• ABB ASPECT®-Enterprise ASP-ENT-x: Versions 3.08.03 and prior
• ABB NEXUS Series NEX-2x: Versions 3.08.03 and prior
• ABB NEXUS Series: Versions 3.08.03 and prior
• ABB MATRIX Series MAT-x: Versions 3.08.03 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798

Several hard-coded credentials for the products internal use are contained in the firmware as plain text information.

CVE-2024-51547 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-51547. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Gjoko Krstikj of Zero Science Lab reported this vulnerability to CISA.

4. MITIGATIONS

ABB has identified specific workarounds and mitigations users can apply to reduce risk and recommends users to perform the following actions on any released SW version of ASPECT:

• Stop and disconnect any ASPECT products that are exposed directly to the Internet, either via a direct ISP connection or via NAT port forwarding.
• Ensure that physical controls are in place, so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
• Ensure log-files, downloaded from the equipment is protected against unauthorized access.
• Ensure that all ASPECT products are upgraded to the latest firmware version. Please find the latest version of ASPECT firmware on the respective product homepage.
• When remote access is required, only use secure methods. If a Virtual Private Network (VPN) is used, ensure that the chosen VPN is secure i.e. updated to the most current version available and configured for secure access.

For more information, please refer to ABB’s cybersecurity advisory 9AKK108470A6775.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 5.7
• ATTENTION: Low attack complexity
• Vendor: Medixant
• Equipment: RadiAnt DICOM Viewer
• Vulnerability: Improper Certificate Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Medixant products are affected:

• RadiAnt DICOM Viewer: Version 2024.02

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295

The affected product is vulnerable due to failure of the update mechanism to verify the update server’s certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server’s response and deliver a malicious update to the user.

CVE-2025-1001 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-1001. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Poland

3.4 RESEARCHER

Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.

4. MITIGATIONS

Medixant recommends users download the v2025.1 or later version of their software.

If users are unable to update to the new version, Medixant recommends the following:

• Disable the display of available updates via this command reg add “HKCUSoftwareRadiAnt Viewer” /t REG_DWORD /v CheckUpdate /d 0 /f.
• Do not check manually for updates (“Check for updates now” from the toolbar menu).
• Ignore any update notifications coming from RadiAnt DICOM Viewer, download the latest version directly in the web browser from https://www.radiantviewer.com.
• Check the downloaded RadiAnt DICOM Viewer installation package with antivirus software before running it.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 10.0
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: ABB
• Equipment: FLXEON Controllers
• Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to send unauthorized HTTPS requests, access sensitive information from HTTPS responses, or use network access to execute remote code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ABB reports that the following products are affected:

• FLXEON Controllers FBXi: Version 9.3.4 and prior
• FLXEON Controllers FBVi: Version 9.3.4 and prior
• FLXEON Controllers FBTi: Version 9.3.4 and prior
• FLXEON Controllers CBXi: Version 9.3.4 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND INJECTION’) CWE-77

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48841 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48841. A base score of 10.0 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.2.2 MISSING ORIGIN VALIDATION IN WEBSOCKETS CWE-1385

Session management is not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48849 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48849. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532

Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48852 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48852. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Gjoko Krstikj of Zero Science Lab reported these vulnerabilities through responsible disclosure.

4. MITIGATIONS

ABB recommends that users update to firmware version 9.3.5.

ABB recommends that users immediately do the following actions on any released version of FLXEON:

• Stop and disconnect any FLXEON products that are exposed directly to the Internet, either via a direct ISP connection or via NAT port forwarding.
• Ensure that physical controls are in place, so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
• Ensure that all FLXEON products are upgraded to the latest firmware version (9.3.5 or above). Please find the latest version of FLXEON firmware on the respective product homepage.
• When remote access is required, only use secure methods. If a virtual private network (VPN) is used, ensure that the chosen VPN is secure i.e. updated to the most current version available and configured for secure access.

For more information, please refer to ABB’s cybersecurity advisory 9AKK108470A5684.

ABB states that these vulnerabilities are only exploitable if attackers can access the network segment where FLXEON is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect users networks:

• FLXEON devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to a FLXEON system is a user requirement, the system shall operate behind a firewall. Users accessing FLXEON remotely shall do this using a VPN gateway allowing access to the particular network segment where FLXEON is in stalled and configured.
• It is crucial that the VPN gateway and network are set up in accordance with best industry standards and maintained in terms of security patches for all related components.
• Change default passwords if they are still in use.
• Ensure that all FLXEON products are upgraded to the latest firmware version. Please find the latest version of FLXEON firmware on the respective product homepage.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 7.1
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Carrier
• Equipment: Block Load
• Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges .

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Carrier product, which is a HVAC load calculation program, are affected:

• Block Load: Version 4.16

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
• COUNTRIES/AREAS DEPLOYED: United States
• COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

An anonymous researcher reported this vulnerability to Carrier.

4. MITIGATIONS

Carrier recommends users to upgrade the product to v4.2 or later. If any issues arise, users are encouraged to contact Carrier directly. For more information refer to Carrier’s security advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.4
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Elseta
• Equipment: Vinci Protocol Analyzer
• Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Elseta products are affected:

Vinci Protocol Analyzer: Versions prior to 3.2.3.19

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (‘OS COMMAND INJECTION’) CWE-78

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system.

CVE-2025-1265 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-1265. A base score of 9.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Communications
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Lithuania

3.4 RESEARCHER

Nguyen Huu Thien Duc reported this vulnerability to CISA.

4. MITIGATIONS

Elseta recommends affected users update to version 3.2.3.19 or later. Contact Elseta for more information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 8.7
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Rapid Response Monitoring
• Equipment: My Security Account App
• Vulnerability: Authorization Bypass Through User-Controlled Key

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Rapid Response Monitoring products are affected:

• My Security Account App API: Versions prior to 7/29/24

3.2 VULNERABILITY OVERVIEW

3.2.1 Authorization Bypass Through User-Controlled Key CWE-639

Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.

CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Emergency Services
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

kbots reported this vulnerability to CISA.

4. MITIGATIONS

Rapid Response Monitoring reports that this issue was patched on their end and no action is required by users. For further information, contact Rapid Response Monitoring.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• February 20, 2025: Initial Publication