News & Events

Critical Bugs in Cisco Switches, Vulnerabilities in Google's Nest Camera, and Much More: The Top News in Product Security for This Past Week

Karamba Security | August 23rd, 2019
tracers

A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.

Cisco Patches Six Critical Bugs in UCS Gear and 220 Series Smart Switches (threatpost)

computers

Cisco urged users to patch two vulnerabilities that affect its small business 220 Series Smart switches (CVE-2019-1913 and (CVE-2019-1912). Both of the vulnerabilities are buffer overflows and an exploit for each is available online.

Researchers Manage to Steal Data from a Private Network by Connecting to the Guest Router (Consumer Affairs)

routers

Study included routers from a variety of popular brands including Edimax, TP-Link and Linksys. Each router revealed the same thing: because the router ultimately hosts two networks, hackers can utilize shared channels between both of them to either steal information or share data between the two networks. Read the full academic paper here.

Researchers Bypassed a Siemens SIMATIC S7 PLC’s Cryptographic Communication (Security Week)

siemens

Israeli researchers have reverse-engineered the PLC network communication protocol. The most recent versions of the S7 protocol have cryptographic message integrity checks that should protect communication from malicious tampering. However, researchers managed to develop a rogue engineering workstation that mimicked the TIA Portal (the software the PLC communicate with), allowing it to interact with the PLC. Such a rogue workstation can be set up by an attacker who has access to the targeted organization’s network and the PLC.

Vulnerabilities in Google’s Nest Camera Allow DoS, Remote Code Execution, and More (threatpost)

camera

Cisco Talos researchers find a total of 8 vulnerabilities in the security camera that would let an attacker on the same network hijack the device, force a denial-of-service, or disclose information.

Vulnerabilities Found in Siemens SCALANCE Industrial Switch Eevices (SecurityWeek)

locked computer

The vulnerabilities could cause a DoS by repeatedly sending large message packets to the Telnet service. After the crash, the device is automatically restarted, disconnecting all connected devices from the network.

Read more

Want to learn more?

Contact Us
Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 151 1471 6088