Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has released advisories for critical vulnerabilities that could impact various systems, particularly Schneider Electric’s EcoStruxure Power Monitoring Expert, Google Chrome, and Sitecore CMS/XP. These vulnerabilities pose significant risks, including remote code execution and arbitrary code execution, urging organizations to implement mitigations and keep their systems updated. CISA’s proactive measures in cataloging known exploited vulnerabilities aim to help organizations defend against ongoing cyber threats.
Affected: Schneider Electric, Google Chrome, Sitecore CMS/XP
Keypoints :
- CISA issued advisories addressing critical vulnerabilities in industrial control systems and widely used platforms.
- Schneider Electric’s PME has a vulnerability (CVE-2024-9005) allowing remote code execution due to unsafe data deserialization.
- The Known Exploited Vulnerabilities Catalog was updated, highlighting exploit risks in Google Chrome and Sitecore CMS/XP.
- Organizations are advised to apply updates, follow best cybersecurity practices, and remain vigilant against known vulnerabilities.
Source: https://thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-4/