Urgent Fixes for Rockwell Automation, Microsoft and Rejetto

Cyble Research & Intelligence Labs (CRIL) recently released its weekly vulnerability report for the second week of July, highlighting 21 vulnerabilities across various products and platforms. The report identified high-severity flaws in products from Rockwell Automation, Microsoft, and Johnson Controls, underscoring the importance of timely patching and software updates to prevent cyberattacks.

Among the critical-severity vulnerabilities identified by CRIL are issues in products from Gogs, Rejetto, and the Open Source Geospatial Foundation that pose significant security risks. According to a study conducted by Microsoft, more than 80% of successful cyberattacks could have been avoided through prompt patching and updates. The average computer requires approximately 76 patches per year from 22 different vendors, making it crucial for organizations to stay vigilant against potential security threats.

The three most critical vulnerabilities highlighted in the report include:

1. CVE-2024-39930: Gogs
This vulnerability in the built-in SSH server of Gogs versions through 0.13.0 allows for argument injection and remote code execution. Exploiting this flaw could lead to unauthorized access, data breaches, and complete compromise of the Gogs server, enabling attackers to run arbitrary commands and manipulate sensitive data.

2. CVE-2023-2071: Rockwell Automation
A critical vulnerability in Rockwell Automation’s FactoryTalk View Machine Edition on PanelView Plus enables remote code execution by unauthenticated attackers. Successful exploitation of this flaw could result in a full system compromise, allowing threat actors to steal data or launch further attacks on the network.

3. CVE-2023-29464: Rockwell Automation
This vulnerability in Rockwell Automation’s FactoryTalk Linx can be exploited by unauthorized attackers to trigger a denial-of-service condition. The lack of proper input validation in the software may lead to disruptions in industrial control systems, potentially causing operational downtime and safety risks.

In addition, three vulnerabilities identified in the Cyble report have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. These include CVE-2024-23692, a critical flaw in Rejetto HTTP File Server; CVE-2024-38080, an elevation-of-privilege vulnerability in Microsoft Windows Hyper-V; and CVE-2024-38112, a spoofing vulnerability in the Windows MSHTML platform. Threat actors, including prominent groups like LemonDuck, have been actively exploiting these vulnerabilities to gain access to systems and deploy malware.

The full report, available to CRIL subscribers, delves into five advisories covering eight vulnerabilities specific to Industrial Control Systems (ICS) assets, affecting companies such as Johnson Controls, Mitsubishi Electric, and Delta Electronics. It is crucial for organizations to prioritize these security updates and patches to mitigate the risk of potential cyber threats.

By leveraging Cyble’s dark web and threat intelligence, The Cyber Express aims to raise awareness about critical security vulnerabilities that require immediate attention. Through collaboration with industry experts and researchers, the platform strives to empower organizations with the knowledge and tools needed to enhance their cybersecurity posture and protect against evolving threats.
