Exposures, Exposed! Weekly Round-up 
November 11 – November 17


❄ Welcome to XM Cyber’s “Exposures, Exposed”. As the crisp air sets in, we’re uncovering the cold, hard truths about the latest breaches, vulnerabilities, and exposures threatening your digital landscape. Our researchers have unearthed some of this past week’s most chilling cyber threats. Join us as we break the ice on these critical issues.


CISA Issues Advisories on Critical ICS Vulnerabilities  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released advisories addressing vulnerabilities in industrial control systems (ICS) affecting equipment from Beckhoff Automation, Delta Electronics, and Bosch Rexroth. These systems are widely deployed across critical infrastructure sectors.  

Beckhoff Automation’s TwinCAT Package Manager is impacted by CVE-2024-8934, a command injection vulnerability with a CVSS v4 score of 7.0. This flaw could allow attackers with administrative access to execute arbitrary OS commands. Users are urged to update to version 1.0.613.0.  

Delta Electronics’ DIAScreen software is affected by multiple stack-based buffer overflow vulnerabilities, including CVE-2024-47131, CVE-2024-39605, and CVE-2024-39354, each with CVSS v4 scores of 8.4. Updating to version 1.5.0 is recommended.  

Bosch Rexroth’s IndraDrive equipment has an uncontrolled resource consumption flaw (CVE-2024-48989) with a CVSS v4 score of 8.7, enabling denial-of-service attacks. Users should apply the latest firmware update.  

The Takeaway: Organizations should update affected systems and implement CISA’s recommended defensive measures to mitigate risks. Learn more here.


Hewlett Packard Enterprise Patches Critical Aruba Access Flaws  

Hewlett Packard Enterprise (HPE) has issued security updates to address multiple vulnerabilities in Aruba Networking Access Point products, including two critical command injection flaws that could allow unauthenticated remote code execution.  

The vulnerabilities affect devices running Instant AOS-8 and AOS-10, including versions 10.4.1.4 and below, 8.12.0.2 and below, and 8.10.0.13 and below. The most critical flaws, CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), are weaknesses in the CLI Service that could be exploited to execute arbitrary code as a privileged user.

To mitigate these risks, HPE advises enabling cluster security for Instant AOS-8 devices and blocking UDP port 8211 for AOS-10 devices. Additional vulnerabilities, including remote command execution and path traversal issues, have also been patched.  

The Takeaway: Users should apply patches immediately and implement recommended mitigations to secure vulnerable devices. Learn more here.


Google Releases Chrome 131 Update with Critical Fixes  

Google has rolled out Chrome 131 for Windows, Mac, and Linux, addressing 12 security vulnerabilities, including high- and medium-severity flaws. The update, set to deploy over the coming weeks, includes fixes for vulnerabilities such as CVE-2024-11110, a high-severity issue in Blink, Chrome’s rendering engine.  

Other vulnerabilities patched include autofill and accessibility flaws, inappropriate implementations in Views, and insufficient policy enforcement in Navigation. Google has also resolved long-standing issues in its paint and file system implementations. To protect users, details of certain bugs remain restricted until most users update their browsers.  

The Takeaway: Chrome users are urged to update their browsers manually by navigating to the “About Chrome” section in settings to install the latest version. Learn more here.


OvrC Platform Vulnerabilities Could Enable Remote Code Execution  

A recent security analysis of Snap One's OvrC cloud platform uncovered 10 vulnerabilities that could allow attackers to remotely execute code on connected devices. OvrC, used in over 500,000 locations, supports IoT devices such as smart power supplies, cameras, and routers.  

According to security researchers, exploiting these vulnerabilities could let attackers access, control, and disrupt devices by bypassing weak access controls, authentication, and input validation. Four of the most severe flaws, including CVE-2023-28649 and CVE-2023-28386, scored over 9 on CVSS. Fixes for eight vulnerabilities were released in May 2023, with the final patches deployed on November 12, 2024.  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers could use these flaws to impersonate devices, execute arbitrary code, and access sensitive information. Katz emphasized the importance of stronger cloud-device security as IoT adoption grows.  

The Takeaway: Ensure all OvrC-connected devices are updated to the latest firmware. Learn more here.  


Palo Alto Networks Warns of Potential PAN-OS Vulnerability  

Palo Alto Networks has issued an advisory urging customers to secure access to the PAN-OS management interface due to claims of a potential remote code execution (RCE) vulnerability. While the company has found no evidence of exploitation or specific details about the alleged vulnerability, it believes proper interface configuration can mitigate risks.  

The advisory recommends restricting access to trusted internal IPs and avoiding exposure to the internet, which aligns with the company’s deployment guidelines. Palo Alto Networks confirmed that its Prisma Access and cloud NGFW products are not impacted.  

The warning follows CISA’s recent addition of a different vulnerability, CVE-2024-5910, affecting the Palo Alto Networks Expedition tool, to its Known Exploited Vulnerabilities Catalog. That issue, patched in July, could allow attackers to take over admin accounts, though no active exploitation has been reported.  

The Takeaway: Secure the PAN-OS management interface by limiting access to trusted IPs. Learn more here.  


Ivanti Releases Patches for Critical Security Vulnerabilities  

Ivanti has issued patches for nearly 50 vulnerabilities across its products, including eight critical flaws in Connect Secure, Policy Secure, and Endpoint Manager. The critical issues, identified as CVE-2024-38655, CVE-2024-38656, CVE-2024-39710 to CVE-2024-39712, and CVE-2024-11005 to CVE-2024-11007, allow authenticated attackers with administrator privileges to execute remote code.  

The fixes are included in Connect Secure version 22.7R2.3 and Policy Secure version 22.7R1.2. Ivanti also addressed high- and medium-severity issues, including privilege escalation and denial-of-service (DoS) flaws, in Secure Access Client version 22.7R4.  

Endpoint Manager updates resolved a critical SQL injection flaw (CVE-2024-50330, CVSS score 9.8) and 17 other high-severity remote code execution bugs. Additionally, Avalanche version 6.4.6 patched six high-severity issues that could cause DoS or expose sensitive data.  

Ivanti stated there is no evidence of exploitation before public disclosure.  

The Takeaway: Apply Ivanti's latest security updates to all impacted systems immediately. Learn more here.  
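To turn the fixed and affected versions quoted in the Beckhoff, Delta, Aruba and Ivanti items above into a quick inventory check, here is an added example (not code from XM Cyber or any of the vendors). The product keys and the host inventory are constructed, and Aruba release branches the advisory does not list are assumed to be not covered.

```python
import re

# Patched versions quoted in this week's round-up (CVE references in comments).
FIXED = {
    "twincat_package_manager": "1.0.613.0",  # Beckhoff, CVE-2024-8934
    "diascreen": "1.5.0",                    # Delta, CVE-2024-47131/-39605/-39354
    "ivanti_connect_secure": "22.7R2.3",     # Ivanti critical RCE set
    "ivanti_policy_secure": "22.7R1.2",
    "ivanti_avalanche": "6.4.6",
}
# Aruba Instant AOS: "<ceiling> and below" is affected, per release branch.
# Assumption: branches the advisory does not list are treated as not covered.
ARUBA_AFFECTED = {"10.4": "10.4.1.4", "8.12": "8.12.0.2", "8.10": "8.10.0.13"}


def parse_version(text):
    # '22.7R2.3' -> (22, 7, 2, 3); '10.4.1.4' -> (10, 4, 1, 4). Ivanti's 'R'
    # marker is just a separator, so tuple order gives 22.7R2.2 < 22.7R2.3.
    return tuple(int(n) for n in re.findall(r"\d+", text))


def is_exposed(product, version):
    # True if the installed version is still vulnerable per the advisories.
    installed = parse_version(version)
    if product == "aruba_instant_aos":
        branch = ".".join(str(n) for n in installed[:2])
        ceiling = ARUBA_AFFECTED.get(branch)
        return ceiling is not None and installed <= parse_version(ceiling)
    fixed = FIXED.get(product)
    if fixed is None:
        return False  # product not covered by this round-up
    return installed < parse_version(fixed)


# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    ("vpn-01", "ivanti_connect_secure", "22.7R2.2"),
    ("vpn-02", "ivanti_connect_secure", "22.7R2.3"),
    ("ap-lobby", "aruba_instant_aos", "8.12.0.2"),
    ("ap-floor3", "aruba_instant_aos", "10.4.1.5"),
    ("hmi-line1", "diascreen", "1.4.2"),
]


def exposed_hosts(inventory):
    # Host names that still need this week's patches.
    return [h for h, p, v in inventory if is_exposed(p, v)]


if __name__ == "__main__":
    for host in exposed_hosts(INVENTORY):
        print("needs patching:", host)
```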


That’s all for this week – have any exposures to add to our list? Let us know!



It’s time to leave Vulnerability Management approaches in the past, and learn how to make real improvements in security posture and actually reduce risk. 

Read the new Gartner® report, How to Grow Vulnerability Management Into Exposure Management and find out how to make 2025 the year of Exposure Management.


