Researchers have the right to dub malware findings whatever they want, but in doing so it seems prudent to avoid possible confusion with previous activity similarly named.
Earlier this week cybersecurity experts revealed 19 vulnerabilities in a small library developed by software company Treck that has been widely used and integrated into many enterprise and consumer-grade products over the last 20+ years.
CISA has published an advisory on out-of-bounds write, deserialization of untrusted data, and code injection vulnerabilities in ICONICS GENESIS64, GENESIS32 The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior are affected: GENESIS64, Hyper Historian, AnalytiX, and MobileHMI. The following products using GenBroker32 v9.5 and prior are affected: GENESIS32 and BizViz. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service. ICONICS is releasing a patch for the affected products.
CISA has published an advisory on out-of-bounds write, deserialization of untrusted data, and code injection vulnerabilities in Mitsubishi Electric MC Works64, MC Works32. For MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions are affected. MC Works32 Version 3.00A (9.50.255.02) is also affected. Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering. Mitsubishi Electric recommends updating to the latest software version or applying security patches.
CISA has published an advisory on an improper input validation vulnerability Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk Services Platform are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed.
CISA has published an advisory on improper input validation, improper restriction of operations within the bounds of a memory buffer, permissions, privileges, and access controls, and exposure of sensitive information to an unauthorized actor vulnerabilities in Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk View SE are affected. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) reports it is aware of multiple vulnerabilities, known as Ripple20, affecting Treck IP stack implementations for embedded systems. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following products for additional information and mitigations, and update to the latest stable version of Treck IP stack software (6.0.1.67 or later).
Last Tuesday, Microsoft patched multiple vulnerabilities in SMB (Server Message Block), the protocol used to facilitate the sharing of files, printers and serial ports between computers; two in SMB v3, and one in SMB v1. The vulnerabilities have been given catchy names, SMBleed and SMBLost, respectively. Cybersecurity firm Tenable has posted a technical summary on the concerns of each. Regarding SMBleed (CVE-2020-1206), the biggest concern is related to a prior patch for “SMBGhost” (CVE-2020-0796) in March for the same feature of SMB v3. SMBleed is an information disclosure vulnerability.
CISA has published an advisory on a cross-site scripting vulnerability in OSIsoft PI Web API 2019. PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions are affected. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
