Security Vulnerabilities Newsletter: Top News Rundown (November 2022)

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

Security researchers from Nozomi Networks, an industrial cybersecurity firm, have identified more than a dozen security holes in baseboard management controller (BMC) firmware.”BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, update the firmware, monitor system parameters, and analyze logs.” In total, Nozomi discovered 13 vulnerabilities. The tech giants affected include Asus, Dell, HP, Lenovo, Gigabyte and Nvidia.

Binaré’s platform will check your IoT device, e.g. controller, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at?https://binare.io/!

More information about the incident: https://www.securityweek.com/bmc-firmware-vulnerabilities-expose-ot-iot-devices-remote-attacks?&web_view=true

#BinareInfographic: Telecom Cybersecurity

Discover and download more infographics?HERE

Omron Products Under ICS Malware Attack

Earlier this month CISA reported three vulnerabilities affecting NJ and NX-series controllers and software made by Omron, Japanese electronics giant. One of the vulnerabilities can be tracked as CVE-2022-33971, a high-severity flaw that can allow an attacker who can access the targeted Omron programmable logic controller (PLC) to cause a denial-of-service (DoS) condition or execute malicious programs. Another security issue is CVE-2022-34151, a critical hardcoded credentials vulnerability that can be used to access Omron PLCs. The third one is CVE-2022-33208, a high-severity issue that can be used to obtain sensitive information that could allow hackers to bypass authentication and access the controller.

Binaré’s platform will check your IoT device, e.g. PLC, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at?https://binare.io/!

More information about the incident: https://www.securityweek.com/omron-plc-vulnerability-exploited-sophisticated-ics-malware?&web_view=true

#BinareVideo: Binare's Firmware Insights || Critical vulnerability in OpenSSL || CVE-2022-0778

Found the video insightful? Subscribe to Binare's Youtube channel?HERE

Hackers Open Doors Exploiting Aiphone Intercom System Vulnerability?

A security hole hiding in Aiphone intercom products allows malicious third-parties to breach the entry system and gain access to the building that uses it.”Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings.” The vulnerability has been reported by Norwegian application security firm Promon. The security bug can be tracked as CVE-2022-40903 and affects Aiphone device series GT-DMB, GT-DMB-N, and GT-DMB-LVN running firmware versions prior to 3.00, and GT-DB-VN devices running firmware version 2.00 or earlier.

Binaré’s platform will check your IoT device, e.g. IP intercom system, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at?https://binare.io/!

More information about the incident: https://www.securityweek.com/aiphone-intercom-system-vulnerability-allows-hackers-open-doors?&web_view=true

#BinareCaseStudy: Binare’s Firmware Analysis & Monitoring Platform Brings Significant Value?For Industrial Manufacturing Companies

Realized the urgent need to protect Industrial IoT devices against cyberattacks? Find out how Binare can help Manufacturing companies to secure their IoT devices by downloading the full case study?HERE

High-Severity Vulnerability Identified in ABB’s Flow Computers

“A path-traversal vulnerability has been discovered in ABB Totalflow flow computers and controllers that could lead to code injection and arbitrary code execution (ACE).” The security bug can be tracked as CVE-2022-0902 and has a CVSS score of 8.1 (high-severity).“Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code”.

Binaré’s platform will check your IoT device, e.g. computer, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at?https://binare.io/!

More information about the incident: https://www.infosecurity-magazine.com/news/high-risk-vulnerability-found-in/?&web_view=true

#BinareBlog: Cyber Funding for Finnish Companies: Governmental Support in a Light of Rising Security Threats

More articles for reading available in?Binare's blog & news section

Citrix ADC, Citrix Gateway Affected By Critical Authentication Bypass Flaw

The three vulnerabilities affecting both Citrix Gateway and Citrix ADC are the following: CVE-2022-27510, CVE-2022-27513 & CVE-2022-27516. CVE-2022-27510 is an authentication bypass flaw using an alternate path or channel, an attacker can trigger it to gain unauthorized access to Gateway user capabilities. CVE-2022-27513?is an insufficient Verification of Data Authenticity flaw, an attacker can exploit the flaw to achieve a remote desktop takeover via phishing attacks.?CVE-2022-27516?is a user login brute force protection functionality bypass vulnerability.

Binaré’s platform will check your IoT device, e.g. gateway, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at?https://binare.io/!

More information about the incident: https://securityaffairs.co/wordpress/138264/security/citrix-gateway-adc-flaws.html?web_view=true

Free icons courtesy of flaticon.com by authors: smalllikeart, Freepik, Khairul24