Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run. CISA encourages users and administrators to review the SAP Security Notes for October 2020 and apply the necessary updates.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player, Microsoft Windows Codecs Library.
CISA has published an advisory on a use of client-side authentication vulnerability in Siemens SIPORT MP. Versions 3.2.1 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. Siemens has released an updated version of SIPORT MP and recommends users install this update on all affected systems.
CISA has published an advisory on SQL injection, improper restriction of rendered UI layers or frames, and exposure of sensitive information to an unauthorized actor vulnerabilities in Siemens Desigo Insight. All versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to retrieve or modify data and gain access to sensitive information. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Siemens has identified specific workarounds and mitigations users can apply to reduce risk.
CISA has published an advisory on a stack-based buffer overflow vulnerability in Fieldcomm Group HART-IP and hipserver. For HART-IP Developer kit, release 1.0.0.0 is affected. For hipserver, release 3.6.1 is affected. Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Users of hipserver should immediately upgrade source code to v3.7.0 or later.
CISA has published an advisory on an untrusted search path vulnerability in Flexera InstallShield. Versions through 2015 SP1 are affected. CISA’s advisory also notes that Flexera InstallShield is integrated into many products sold by other companies. Successful exploitation of this vulnerability could allow execution of a malicious DLL.
CISA has published an advisory on an out-of-bounds read vulnerability in LCDS LAquis SCADA. Versions prior to 4.3.1.870 are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. LCDS recommends users update to Version 4.3.1.870 or later. CISA also advised on a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on session fixation, improper privilege management, weak password requirements, cleartext transmission of sensitive information, improper restriction of excessive authentication attempts, and exposure of sensitive information to an unauthorized actor vulnerabilities in MOXA NPort IAW5000A-I/O Series. Firmware Version 2.1 or lower is affected.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
