https://www.tenable.com/plugins/feeds?sort=newest&type=ot Get the latest plugin updates from Tenable Tue, 17 Mar 2026 09:41:37 GMT https://validator.w3.org/feed/docs/rss2.html Tenable Plugins https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png https://www.tenable.com/plugins/feeds?sort=newest&type=ot Copyright 2026 Tenable, Inc. All rights reserved. https://www.tenable.com/plugins/ot/505230 https://www.tenable.com/plugins/ot/505230 Mon, 16 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505230 with High Severity

Synopsis

Detection of Moxa devices that are discontinued and no longer supported.

Description

The current plugin identifies Moxa devices that are currently discontinued.
Moxa Lifecycle Statuses:
- Active: Product is currently available and supported.
- Discontinued: Product has been phased out and is no longer manufactured or supported.

Solution

Migrate to a product that is actively supported.

Read more at https://www.tenable.com/plugins/ot/505230

]]> https://www.tenable.com/plugins/ot/505229 https://www.tenable.com/plugins/ot/505229 Mon, 16 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505229 with Info Severity

Synopsis

Detection of active Moxa devices.

Description

The current plugin identifies Moxa devices that are still under active support.
Moxa Lifecycle Statuses:
- Active: Product is currently available and supported.
- Discontinued: Product has been phased out and is no longer manufactured or supported.

Solution

null

Read more at https://www.tenable.com/plugins/ot/505229

]]> https://www.tenable.com/plugins/ot/505228 https://www.tenable.com/plugins/ot/505228 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505228 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. Product is only affected if IEC61850 functionality is configured.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505228

]]> https://www.tenable.com/plugins/ot/505227 https://www.tenable.com/plugins/ot/505227 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505227 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. Product is only affected if IEC61850 functionality is configured.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505227

]]> https://www.tenable.com/plugins/ot/505226 https://www.tenable.com/plugins/ot/505226 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505226 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505226

]]> https://www.tenable.com/plugins/ot/505225 https://www.tenable.com/plugins/ot/505225 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505225 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505225

]]> https://www.tenable.com/plugins/ot/505224 https://www.tenable.com/plugins/ot/505224 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505224 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505224

]]> https://www.tenable.com/plugins/ot/505223 https://www.tenable.com/plugins/ot/505223 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505223 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505223

]]> https://www.tenable.com/plugins/ot/505222 https://www.tenable.com/plugins/ot/505222 Tue, 10 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505222 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505222

]]> https://www.tenable.com/plugins/ot/505221 https://www.tenable.com/plugins/ot/505221 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505221 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505221

]]> https://www.tenable.com/plugins/ot/505220 https://www.tenable.com/plugins/ot/505220 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505220 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505220

]]> https://www.tenable.com/plugins/ot/505219 https://www.tenable.com/plugins/ot/505219 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505219 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505219

]]> https://www.tenable.com/plugins/ot/505218 https://www.tenable.com/plugins/ot/505218 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505218 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

ADAM-5550 is currently being phased out, and Advantech strongly recommends all ADAM-5550 users upgrade to ADAM-5630 firmware version 2.5.2 or higher.

Read more at https://www.tenable.com/plugins/ot/505218

]]> https://www.tenable.com/plugins/ot/505217 https://www.tenable.com/plugins/ot/505217 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505217 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Advantech ADAM 5550's web application includes a 'logs' page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

ADAM-5550 is currently being phased out, and Advantech strongly recommends all ADAM-5550 users upgrade to ADAM-5630 firmware version 2.5.2 or higher.

Read more at https://www.tenable.com/plugins/ot/505217

]]> https://www.tenable.com/plugins/ot/505216 https://www.tenable.com/plugins/ot/505216 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505216 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505216

]]> https://www.tenable.com/plugins/ot/505215 https://www.tenable.com/plugins/ot/505215 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505215 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Advantech recommends users upgrade their ADAM-5630 devices to version 2.5.2.

Read more at https://www.tenable.com/plugins/ot/505215

]]> https://www.tenable.com/plugins/ot/505214 https://www.tenable.com/plugins/ot/505214 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505214 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Advantech recommends users upgrade their ADAM-5630 devices to version 2.5.2.

Read more at https://www.tenable.com/plugins/ot/505214

]]> https://www.tenable.com/plugins/ot/505213 https://www.tenable.com/plugins/ot/505213 Mon, 09 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505213 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Advantech recommends users upgrade their ADAM-5630 devices to version 2.5.2.

Read more at https://www.tenable.com/plugins/ot/505213

]]> https://www.tenable.com/plugins/ot/505212 https://www.tenable.com/plugins/ot/505212 Fri, 06 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505212 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505212

]]> https://www.tenable.com/plugins/ot/505211 https://www.tenable.com/plugins/ot/505211 Fri, 06 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505211 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505211

]]> https://www.tenable.com/plugins/ot/505210 https://www.tenable.com/plugins/ot/505210 Fri, 06 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505210 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505210

]]> https://www.tenable.com/plugins/ot/505209 https://www.tenable.com/plugins/ot/505209 Fri, 06 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505209 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505209

]]> https://www.tenable.com/plugins/ot/505208 https://www.tenable.com/plugins/ot/505208 Fri, 06 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505208 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505208

]]> https://www.tenable.com/plugins/ot/505207 https://www.tenable.com/plugins/ot/505207 Wed, 04 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505207 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505207

]]> https://www.tenable.com/plugins/ot/505206 https://www.tenable.com/plugins/ot/505206 Wed, 04 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505206 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505206

]]> https://www.tenable.com/plugins/ot/505205 https://www.tenable.com/plugins/ot/505205 Tue, 03 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505205 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505205

]]> https://www.tenable.com/plugins/ot/505204 https://www.tenable.com/plugins/ot/505204 Tue, 03 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505204 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC- EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC- ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC- ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC- CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC- EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505204

]]> https://www.tenable.com/plugins/ot/505203 https://www.tenable.com/plugins/ot/505203 Mon, 02 Mar 2026 00:00:00 GMT Tenable OT Security Plugin ID 505203 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the contents of directories that the role is not authorized to do so.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505203

]]> https://www.tenable.com/plugins/ot/505202 https://www.tenable.com/plugins/ot/505202 Fri, 27 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505202 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505202

]]> https://www.tenable.com/plugins/ot/505201 https://www.tenable.com/plugins/ot/505201 Tue, 24 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505201 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505201

]]> https://www.tenable.com/plugins/ot/505200 https://www.tenable.com/plugins/ot/505200 Tue, 24 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505200 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505200

]]> https://www.tenable.com/plugins/ot/505199 https://www.tenable.com/plugins/ot/505199 Tue, 24 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505199 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505199

]]> https://www.tenable.com/plugins/ot/505198 https://www.tenable.com/plugins/ot/505198 Tue, 24 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505198 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505198

]]> https://www.tenable.com/plugins/ot/505197 https://www.tenable.com/plugins/ot/505197 Tue, 24 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505197 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505197

]]> https://www.tenable.com/plugins/ot/505196 https://www.tenable.com/plugins/ot/505196 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505196 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505196

]]> https://www.tenable.com/plugins/ot/505195 https://www.tenable.com/plugins/ot/505195 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505195 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16.
Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505195

]]> https://www.tenable.com/plugins/ot/505194 https://www.tenable.com/plugins/ot/505194 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505194 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path.
NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505194

]]> https://www.tenable.com/plugins/ot/505193 https://www.tenable.com/plugins/ot/505193 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505193 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE:
The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505193

]]> https://www.tenable.com/plugins/ot/505192 https://www.tenable.com/plugins/ot/505192 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505192 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505192

]]> https://www.tenable.com/plugins/ot/505191 https://www.tenable.com/plugins/ot/505191 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505191 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16.
This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 will fix this issue. It is suggested to upgrade the affected component. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505191

]]> https://www.tenable.com/plugins/ot/505190 https://www.tenable.com/plugins/ot/505190 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505190 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505190

]]> https://www.tenable.com/plugins/ot/505189 https://www.tenable.com/plugins/ot/505189 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505189 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction.
This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505189

]]> https://www.tenable.com/plugins/ot/505188 https://www.tenable.com/plugins/ot/505188 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505188 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16.
This issue affects some unknown processing of the file /prod.php.
Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of addressing this issue. It is recommended to upgrade the affected component. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505188

]]> https://www.tenable.com/plugins/ot/505187 https://www.tenable.com/plugins/ot/505187 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505187 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges.
NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505187

]]> https://www.tenable.com/plugins/ot/505186 https://www.tenable.com/plugins/ot/505186 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505186 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505186

]]> https://www.tenable.com/plugins/ot/505185 https://www.tenable.com/plugins/ot/505185 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505185 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 is able to resolve this issue. Upgrading the affected component is recommended. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505185

]]> https://www.tenable.com/plugins/ot/505184 https://www.tenable.com/plugins/ot/505184 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505184 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations.
Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505184

]]> https://www.tenable.com/plugins/ot/505183 https://www.tenable.com/plugins/ot/505183 Thu, 19 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505183 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely.
The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505183

]]> https://www.tenable.com/plugins/ot/505182 https://www.tenable.com/plugins/ot/505182 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505182 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505182

]]> https://www.tenable.com/plugins/ot/505181 https://www.tenable.com/plugins/ot/505181 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505181 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505181

]]> https://www.tenable.com/plugins/ot/505180 https://www.tenable.com/plugins/ot/505180 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505180 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505180

]]> https://www.tenable.com/plugins/ot/505179 https://www.tenable.com/plugins/ot/505179 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505179 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505179

]]> https://www.tenable.com/plugins/ot/505178 https://www.tenable.com/plugins/ot/505178 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505178 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.
Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505178

]]> https://www.tenable.com/plugins/ot/505177 https://www.tenable.com/plugins/ot/505177 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505177 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505177

]]> https://www.tenable.com/plugins/ot/505176 https://www.tenable.com/plugins/ot/505176 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505176 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505176

]]> https://www.tenable.com/plugins/ot/505175 https://www.tenable.com/plugins/ot/505175 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505175 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505175

]]> https://www.tenable.com/plugins/ot/505174 https://www.tenable.com/plugins/ot/505174 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505174 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505174

]]> https://www.tenable.com/plugins/ot/505173 https://www.tenable.com/plugins/ot/505173 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505173 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505173

]]> https://www.tenable.com/plugins/ot/505172 https://www.tenable.com/plugins/ot/505172 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505172 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505172

]]> https://www.tenable.com/plugins/ot/505171 https://www.tenable.com/plugins/ot/505171 Tue, 17 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505171 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505171

]]> https://www.tenable.com/plugins/ot/505170 https://www.tenable.com/plugins/ot/505170 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505170 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE cb->args[1] = (unsigned long)ct; ... While its very unlikely, its possible that ct == last. If this happens, then the refcount of ct was already incremented. This 2nd increment is never undone. This prevents the conntrack object from being released, which in turn keeps prevents cnet->count from dropping back to 0. This will then block the netns dismantle (or conntrack rmmod) as nf_conntrack_cleanup_net_list() will wait forever. This can be reproduced by running conntrack_resize.sh selftest in a loop. It takes ~20 minutes for me on a preemptible kernel on average before I see a runaway kworker spinning in nf_conntrack_cleanup_net_list.
One fix would to change this to: if (res < 0) { if (ct != last) nf_conntrack_get(&ct->ct_general); But this reference counting isn't needed in the first place. We can just store a cookie value instead. A followup patch will do the same for ctnetlink_exp_dump_table, it looks to me as if this has the same problem and like ctnetlink_dump_table, we only need a 'skip hint', not the actual object so we can apply the same cookie strategy there as well.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505170

]]> https://www.tenable.com/plugins/ot/505169 https://www.tenable.com/plugins/ot/505169 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505169 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505169

]]> https://www.tenable.com/plugins/ot/505168 https://www.tenable.com/plugins/ot/505168 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505168 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
fs: writeback: fix use-after-free in __mark_inode_dirty() An use- after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID:
562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1 ......
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc :
__mark_inode_dirty+0x124/0x418 lr : __mark_inode_dirty+0x118/0x418 sp : ffffffc08c9dbbc0 ........ Call trace:
__mark_inode_dirty+0x124/0x418 generic_update_time+0x4c/0x60 file_modified+0xcc/0xd0 ext4_buffered_write_iter+0x58/0x124 ext4_file_write_iter+0x54/0x704 vfs_write+0x1c0/0x308 ksys_write+0x74/0x10c __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x114 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x40/0xe4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x194/0x198 Root cause is: systemd-random-seed kworker
----------------------------------------------------------------------
___mark_inode_dirty inode_switch_wbs_work_fn spin_lock(&inode->i_lock); inode_attach_wb locked_inode_to_wb_and_lock_list get inode->i_wb spin_unlock(&inode->i_lock); spin_lock(&wb->list_lock) spin_lock(&inode->i_lock) inode_io_list_move_locked spin_unlock(&wb->list_lock) spin_unlock(&inode->i_lock) spin_lock(&old_wb->list_lock) inode_do_switch_wbs spin_lock(&inode->i_lock) inode->i_wb = new_wb spin_unlock(&inode->i_lock) spin_unlock(&old_wb->list_lock) wb_put_many(old_wb, nr_switched) cgwb_release old wb released wb_wakeup_delayed() accesses wb, then trigger the use-after-free issue Fix this race condition by holding inode spinlock until wb_wakeup_delayed() finished.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505168

]]> https://www.tenable.com/plugins/ot/505167 https://www.tenable.com/plugins/ot/505167 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505167 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If the time is smaller than jiffies, the timer will expire immediately, and then call mod_timer() again, which creates a loop and may trigger the following soft lockup issue. watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66] CPU: 1 UID: 0 PID: 66 Comm:
rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none) Call Trace:
__netdev_alloc_skb+0x2e/0x3a0 br_ip6_multicast_alloc_query+0x212/0x1b70
__br_multicast_send_query+0x376/0xac0 br_multicast_send_query+0x299/0x510 br_multicast_query_expired.constprop.0+0x16d/0x1b0 call_timer_fn+0x3b/0x2a0 __run_timers+0x619/0x950 run_timer_softirq+0x11c/0x220 handle_softirqs+0x18e/0x560
__irq_exit_rcu+0x158/0x1a0 sysvec_apic_timer_interrupt+0x76/0x90 This issue can be reproduced with: ip link add br0 type bridge echo 1 > /sys/class/net/br0/bridge/multicast_querier echo 0xffffffffffffffff > /sys/class/net/br0/bridge/multicast_query_interval ip link set dev br0 up The multicast_startup_query_interval can also cause this issue. Similar to the commit 99b40610956a (net: bridge: mcast: add and enforce query interval minimum), add check for the query interval maximum to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505167

]]> https://www.tenable.com/plugins/ot/505166 https://www.tenable.com/plugins/ot/505166 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505166 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
drbd: add missing kref_get in handle_write_conflicts With `two- primaries` enabled, DRBD tries to detect concurrent writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed. In handling superseeded writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes with symptoms.
Relevance: No one should use DRBD as a random data generator, and apparently all users of two-primaries handle concurrent writes correctly on layer up. That is cluster file systems use some distributed lock manager, and live migration in virtualization environments stops writes on one node before starting writes on the other node. Which means that other than for test cases, this code path is never taken in real life. FYI, in DRBD 9, things are handled differently nowadays. We still detect write conflicts, but no longer try to be smart about them. We decided to disconnect hard instead: upper layers must not submit concurrent writes. If they do, that's their fault.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505166

]]> https://www.tenable.com/plugins/ot/505165 https://www.tenable.com/plugins/ot/505165 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505165 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tries to wait for the memory under: rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf) The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as: rcu: INFO:
rcu_sched self-detected stall on CPU rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212 (t=26000 jiffies g=230833 q=259957) NMI backtrace for cpu 0 CPU:
0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68 Hardware name:
QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014 Call Trace: dump_stack lib/dump_stack.c:120 nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62 rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335 rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590 update_process_times kernel/time/timer.c:1953 tick_sched_handle kernel/time/tick-sched.c:227 tick_sched_timer kernel/time/tick- sched.c:1399 __hrtimer_run_queues kernel/time/hrtimer.c:1652 hrtimer_interrupt kernel/time/hrtimer.c:1717
__sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 asm_call_irq_on_stack arch/x86/entry/entry_64.S:808 netlink_attachskb net/netlink/af_netlink.c:1234 netlink_unicast net/netlink/af_netlink.c:1349 kauditd_send_queue kernel/audit.c:776 kauditd_thread kernel/audit.c:897 kthread kernel/kthread.c:328 ret_from_fork arch/x86/entry/entry_64.S:304 Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code. Found by Linux Verification Center (linuxtesting.org).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505165

]]> https://www.tenable.com/plugins/ot/505164 https://www.tenable.com/plugins/ot/505164 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505164 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii ext4_create_inline_data() and ext4_inline_data_truncate().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505164

]]> https://www.tenable.com/plugins/ot/505163 https://www.tenable.com/plugins/ot/505163 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505163 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients.
Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505163

]]> https://www.tenable.com/plugins/ot/505162 https://www.tenable.com/plugins/ot/505162 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505162 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the layoutupdate_pages page array is initialized only after the retry loop. But ext_tree_free_commitdata() is called on every iteration and tries to put pages in the array, thus dereferencing uninitialized pointers. An additional problem is that there is no limit on the maximum possible buffer_size. When there are too many extents, the client may create a layoutcommit that is larger than the maximum possible RPC size accepted by the server.
During testing, we observed two typical scenarios. First, one memory page for extents is enough when we work with small files, append data to the end of the file, or preallocate extents before writing. But when we fill a new large file without preallocating, the number of extents can be huge, and counting the number of written extents in ext_tree_encode_commit() does not help much. Since this number increases even more between unlocking and locking of ext_tree, the reallocated buffer may not be large enough again and again.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505162

]]> https://www.tenable.com/plugins/ot/505161 https://www.tenable.com/plugins/ot/505161 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505161 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505161

]]> https://www.tenable.com/plugins/ot/505160 https://www.tenable.com/plugins/ot/505160 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505160 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and updates the screen if console is visible.
As part of mapping it has to do resize of console according to frame buffer info. if this resize fails and returns from vc_do_resize() and continues further. At this point console and new frame buffer are mapped and sets display vars. Despite failure still it continue to proceed updating the screen at later stages where vc_data is related to previous frame buffer and frame buffer info and display vars are mapped to new frame buffer and eventully leading to out-of-bounds write in fast_imageblit(). This bheviour is excepted only when fg_console is equal to requested console which is a visible console and updates screen with invalid struct references in fbcon_putcs().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505160

]]> https://www.tenable.com/plugins/ot/505159 https://www.tenable.com/plugins/ot/505159 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505159 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its iterator. Unlike the writer that allocates a copy of the hash, the reader keeps the pointer to the filter hashes. This is problematic because this pointer is static across function calls that release the locks that can update the global tracer hashes. This can cause UAF and similar bugs. Allocate and copy the hash for reading the filter files like it is done for the writers. This not only fixes UAF bugs, but also makes the code a bit simpler as it doesn't have to differentiate when to free the iterator's hash between writers and readers.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505159

]]> https://www.tenable.com/plugins/ot/505158 https://www.tenable.com/plugins/ot/505158 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505158 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505158

]]> https://www.tenable.com/plugins/ot/505157 https://www.tenable.com/plugins/ot/505157 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505157 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links.
Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons:
- They don't look upwards in the tree. - If there are multiple downwards paths of different lengths, only one of the paths is actually considered for the depth check since commit 28d82dc1c4ed (epoll: limit paths). Essentially, the current recursion depth check in ep_loop_check_proc() just serves to prevent it from recursing too deeply while checking for loops. A more thorough check is done in reverse_path_check() after the new graph edge has already been created; this checks, among other things, that no paths going upwards from any non-epoll file with a length of more than 5 edges exist. However, this check does not apply to non-epoll files.
As a result, it is possible to recurse to a depth of at least roughly 500, tested on v6.15. (I am unsure if deeper recursion is possible;
and this may have changed with commit 8c44dac8add7 (eventpoll: Fix priority inversion problem).) To fix it: 1. In ep_loop_check_proc(), note the subtree depth of each visited node, and use subtree depths for the total depth calculation even when a subtree has already been visited. 2. Add ep_get_upwards_depth_proc() for similarly determining the maximum depth of an upwards walk. 3.
In ep_loop_check(), use these values to limit the total path length between epoll nodes to EP_MAX_NESTS edges.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505157

]]> https://www.tenable.com/plugins/ot/505156 https://www.tenable.com/plugins/ot/505156 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505156 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM When performing Generic Segmentation Offload (GSO) on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the egress device only advertises NETIF_F_IPV6_CSUM feature, which has a strict contract: it supports checksum offload only for plain TCP or UDP over IPv6 and explicitly does not support packets with extension headers. The current GSO logic violates this contract by failing to disable the feature for packets with extension headers, such as those used in GREoIPv6 tunnels. This violation results in the device being asked to perform an operation it cannot support, leading to a `skb_warn_bad_offload` warning and a collapse of network throughput.
While device TSO/USO is correctly bypassed in favor of software GSO for these packets, the GSO stack must be explicitly told not to request checksum offload. Mask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4 in gso_features_check if the IPv6 header contains extension headers to compute checksum in software. The exception is a BIG TCP extension, which, as stated in commit 68e068cabd2c6c53 (net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets): The feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices. kernel log output (truncated):
WARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140 ... Call Trace: skb_checksum_help+0x12a/0x1f0 validate_xmit_skb+0x1a3/0x2d0 validate_xmit_skb_list+0x4f/0x80 sch_direct_xmit+0x1a2/0x380
__dev_xmit_skb+0x242/0x670 __dev_queue_xmit+0x3fc/0x7f0 ip6_finish_output2+0x25e/0x5d0 ip6_finish_output+0x1fc/0x3f0 ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel] ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre] dev_hard_start_xmit+0x63/0x1c0
__dev_queue_xmit+0x6d0/0x7f0 ip6_finish_output2+0x214/0x5d0 ip6_finish_output+0x1fc/0x3f0 ip6_xmit+0x2ca/0x6f0 ip6_finish_output+0x1fc/0x3f0 ip6_xmit+0x2ca/0x6f0 inet6_csk_xmit+0xeb/0x150 __tcp_transmit_skb+0x555/0xa80 tcp_write_xmit+0x32a/0xe90 tcp_sendmsg_locked+0x437/0x1110 tcp_sendmsg+0x2f/0x50 ... skb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e skb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00 skb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00 skb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00 skb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00 skb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00 skb linear: 00000060:
00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9 skb linear:
00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01 skb linear:
00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505156

]]> https://www.tenable.com/plugins/ot/505155 https://www.tenable.com/plugins/ot/505155 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505155 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1.
Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505155

]]> https://www.tenable.com/plugins/ot/505154 https://www.tenable.com/plugins/ot/505154 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505154 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG:
KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm:
ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name:
linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58
____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505154

]]> https://www.tenable.com/plugins/ot/505153 https://www.tenable.com/plugins/ot/505153 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505153 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505153

]]> https://www.tenable.com/plugins/ot/505152 https://www.tenable.com/plugins/ot/505152 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505152 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c:
WARNING: CPU: 0 PID: 44 at mm/slub.c:5027
__kvmalloc_node_noprof+0x21a/0x288 This happens because kvmalloc_array() and kvmalloc() check if the requested size exceeds INT_MAX and emit a warning when the allocation is not flagged with
__GFP_NOWARN. Specifically, when nr_open is set to 1073741816 (0x3ffffff8) and a process calls dup2(oldfd, 1073741880), the kernel attempts to allocate: - File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes - Multiple bitmaps: ~400MB - Total allocation size: > 8GB (exceeding INT_MAX = 2,147,483,647) Reproducer: 1. Set /proc/sys/fs/nr_open to 1073741816: # echo 1073741816 > /proc/sys/fs/nr_open 2. Run a program that uses a high file descriptor: #include #include int main() { struct rlimit rlim = {1073741824, 1073741824};
setrlimit(RLIMIT_NOFILE, &rlim); dup2(2, 1073741880); // Triggers the warning return 0; } 3. Observe WARNING in dmesg at mm/slub.c:5027 systemd commit a8b627a introduced automatic bumping of fs.nr_open to the maximum possible value. The rationale was that systems with memory control groups (memcg) no longer need separate file descriptor limits since memory is properly accounted.
However, this change overlooked that: 1. The kernel's allocation functions still enforce INT_MAX as a maximum size regardless of memcg accounting 2. Programs and tests that legitimately test file descriptor limits can inadvertently trigger massive allocations 3. The resulting allocations (>8GB) are impractical and will always fail systemd's algorithm starts with INT_MAX and keeps halving the value until the kernel accepts it. On most systems, this results in nr_open being set to 1073741816 (0x3ffffff8), which is just under 1GB of file descriptors. While processes rarely use file descriptors near this limit in normal operation, certain selftests (like tools/testing/selftests/core/unshare_test.c) and programs that test file descriptor limits can trigger this issue. Fix this by adding a check in alloc_fdtable() to ensure the requested allocation size does not exceed INT_MAX. This causes the operation to fail with
-EMFILE instead of triggering a kernel warning and avoids the impractical >8GB memory allocation request.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505152

]]> https://www.tenable.com/plugins/ot/505151 https://www.tenable.com/plugins/ot/505151 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505151 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FIFO via serial_out(p, UART_FCR, p->fcr). Execution proceeds to the serial_port_in(port, UART_RX). This satisfies the PSLVERR trigger condition. When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) == (lcr & ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter dw8250_force_idle(). Put serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port->lock to fix this issue.
Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a [ 0.442351] ra :
serial8250_do_startup+0x2c8/0x88e ... [ 0.442416] console_on_rootfs+0x26/0x70

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505151

]]> https://www.tenable.com/plugins/ot/505150 https://www.tenable.com/plugins/ot/505150 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505150 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails.
Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 (ovl: support encoding non- decodable file handles) in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6.
Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505150

]]> https://www.tenable.com/plugins/ot/505149 https://www.tenable.com/plugins/ot/505149 Mon, 16 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505149 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry. This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down:
================================================================== BUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198 Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319 CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE Hardware name: Radxa ROCK 5B (DT) Call trace: show_stack+0x2c/0x84 (C) dump_stack_lvl+0x70/0x98 print_report+0x17c/0x538 kasan_report+0xb8/0x190 __asan_report_store8_noabort+0x20/0x2c pci_epf_remove_cfs+0x17c/0x198 pci_epf_unregister_driver+0x18/0x30 nvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]
__arm64_sys_delete_module+0x264/0x424 invoke_syscall+0x70/0x260 el0_svc_common.constprop.0+0xac/0x230 do_el0_svc+0x40/0x58 el0_svc+0x48/0xdc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ... Remove this incorrect list_del() call from pci_epf_remove_cfs().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505149

]]> https://www.tenable.com/plugins/ot/505148 https://www.tenable.com/plugins/ot/505148 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505148 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.
Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505148

]]> https://www.tenable.com/plugins/ot/505147 https://www.tenable.com/plugins/ot/505147 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505147 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low- level OCB encrypt and decrypt routines in the hardware- accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505147

]]> https://www.tenable.com/plugins/ot/505146 https://www.tenable.com/plugins/ot/505146 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505146 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505146

]]> https://www.tenable.com/plugins/ot/505145 https://www.tenable.com/plugins/ot/505145 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505145 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out- of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line- buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505145

]]> https://www.tenable.com/plugins/ot/505144 https://www.tenable.com/plugins/ot/505144 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505144 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc().
For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker- controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505144

]]> https://www.tenable.com/plugins/ot/505143 https://www.tenable.com/plugins/ot/505143 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505143 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition.
For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505143

]]> https://www.tenable.com/plugins/ot/505142 https://www.tenable.com/plugins/ot/505142 Fri, 13 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505142 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.
Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service.
For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505142

]]> https://www.tenable.com/plugins/ot/505141 https://www.tenable.com/plugins/ot/505141 Thu, 12 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505141 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505141

]]> https://www.tenable.com/plugins/ot/505140 https://www.tenable.com/plugins/ot/505140 Thu, 12 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505140 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505140

]]> https://www.tenable.com/plugins/ot/505139 https://www.tenable.com/plugins/ot/505139 Thu, 12 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505139 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505139

]]> https://www.tenable.com/plugins/ot/505138 https://www.tenable.com/plugins/ot/505138 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505138 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the splat, a single thread calling bt_accept_dequeue() freed sk and touched it after that.
The root cause would be the racy l2cap_sock_cleanup_listen() call added by the cited commit. bt_accept_dequeue() is called under lock_sock() except for l2cap_sock_release(). Two threads could see the same socket during the list iteration in bt_accept_dequeue():
CPU1 CPU2 (close()) ----
---- sock_hold(sk) sock_hold(sk); lock_sock(sk) <-- block close() sock_put(sk) bt_accept_unlink(sk) sock_put(sk) <-- refcnt by bt_accept_enqueue() release_sock(sk) lock_sock(sk) sock_put(sk) bt_accept_unlink(sk) sock_put(sk) <-- last refcnt bt_accept_unlink(sk) <-- UAF Depending on the timing, the other thread could show up in the Freed by task part. Let's call l2cap_sock_cleanup_listen() under lock_sock() in l2cap_sock_release(). [0]: BUG: KASAN: slab-use- after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG: KASAN: slab-use- after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115 Read of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995 CPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full) Hardware name:
QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace:
__dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xcd/0x630 mm/kasan/report.c:482 kasan_report+0xe0/0x110 mm/kasan/report.c:595 debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115 spin_lock_bh include/linux/spinlock.h:356 [inline] release_sock+0x21/0x220 net/core/sock.c:3746 bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312 l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451 l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425
__sock_release+0xb3/0x270 net/socket.c:649 sock_close+0x1c/0x30 net/socket.c:1439 __fput+0x3ff/0xb70 fs/file_table.c:468 task_work_run+0x14d/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry- common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry- common.h:210 [inline] do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2accf8ebe9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP:
002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX:
0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9 RDX:
0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP:
00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f R10:
0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c R13:
00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490 Allocated by task 5326: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:388 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4365 [inline] __kmalloc_nopro ---truncated---

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505138

]]> https://www.tenable.com/plugins/ot/505137 https://www.tenable.com/plugins/ot/505137 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505137 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double- free/UAF. Note that the repost path already uses the correct pattern:
detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505137

]]> https://www.tenable.com/plugins/ot/505136 https://www.tenable.com/plugins/ot/505136 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505136 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In
__iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource(). Fix this bug by adding a check of res.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505136

]]> https://www.tenable.com/plugins/ot/505135 https://www.tenable.com/plugins/ot/505135 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505135 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

1. A cookie is set using the `secure` keyword for `https://target` 2.
curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505135

]]> https://www.tenable.com/plugins/ot/505134 https://www.tenable.com/plugins/ot/505134 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505134 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called buff, which is initialised with control_read(). However buff is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of err == size is not met, then buff remains uninitialised. Once this happens the uninitialised buff is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of buff. To fix this we should check the return value of control_read() and return early on error.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505134

]]> https://www.tenable.com/plugins/ot/505133 https://www.tenable.com/plugins/ot/505133 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505133 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is an issue in CPython when using `bytes.decode(unicode_escape, error=ignore|replace)`. If you are not using the unicode_escape encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try- except catching the DecodeError.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505133

]]> https://www.tenable.com/plugins/ot/505132 https://www.tenable.com/plugins/ot/505132 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505132 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505132

]]> https://www.tenable.com/plugins/ot/505131 https://www.tenable.com/plugins/ot/505131 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505131 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505131

]]> https://www.tenable.com/plugins/ot/505130 https://www.tenable.com/plugins/ot/505130 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505130 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into the hugetlb unshare logic from __split_vma() in the same place where THP splitting also happens.
At that point, both the VMA and the rmap(s) are write-locked. An annoying detail is that we can now call into the helper hugetlb_unshare_pmds() from two different locking contexts: 1. from hugetlb_split(), holding: - mmap lock (exclusively) - VMA lock
- file rmap lock (exclusively) 2. hugetlb_unshare_all_pmds(), which I think is designed to be able to call us with only the mmap lock held (in shared mode), but currently only runs while holding mmap lock (exclusively) and VMA lock Backporting note: This commit fixes a racy protection that was introduced in commit b30c14cd6102 (hugetlb:
unshare some PMDs when splitting VMAs); that commit claimed to fix an issue introduced in 5.13, but it should actually also go all the way back. [jannh@google.com: v2]

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505130

]]> https://www.tenable.com/plugins/ot/505129 https://www.tenable.com/plugins/ot/505129 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505129 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505129

]]> https://www.tenable.com/plugins/ot/505128 https://www.tenable.com/plugins/ot/505128 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505128 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505128

]]> https://www.tenable.com/plugins/ot/505127 https://www.tenable.com/plugins/ot/505127 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505127 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE:
This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505127

]]> https://www.tenable.com/plugins/ot/505126 https://www.tenable.com/plugins/ot/505126 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505126 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505126

]]> https://www.tenable.com/plugins/ot/505125 https://www.tenable.com/plugins/ot/505125 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505125 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505125

]]> https://www.tenable.com/plugins/ot/505124 https://www.tenable.com/plugins/ot/505124 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505124 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight class passive via qlen_notify(). Most qdiscs do not expect such behaviour at this point in time and may re-activate the class eventually anyways which will lead to a use-after-free. The referenced fix commit attempted to fix this behavior for the HFSC case by moving the backlog accounting around, though this turned out to be incomplete since the parent's parent may run into the issue too. The following reproducer demonstrates this use-after-free: tc qdisc add dev lo root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo parent 1: classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1 tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0 tc qdisc add dev lo parent 2:1 handle 3: netem tc qdisc add dev lo parent 3:1 handle 4: blackhole echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888 tc class delete dev lo classid 1:1 echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888 Since backlog accounting issues leading to a use-after-frees on stale class pointers is a recurring pattern at this point, this patch takes a different approach. Instead of trying to fix the accounting, the patch ensures that qdisc_tree_reduce_backlog always calls qlen_notify when the child qdisc is empty. This solves the problem because deletion of qdiscs always involves a call to qdisc_reset() and / or qdisc_purge_queue() which ultimately resets its qlen to 0 thus causing the following qdisc_tree_reduce_backlog() to report to the parent. Note that this may call qlen_notify on passive classes multiple times. This is not a problem after the recent patch series that made all the classful qdiscs qlen_notify() handlers idempotent.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505124

]]> https://www.tenable.com/plugins/ot/505123 https://www.tenable.com/plugins/ot/505123 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505123 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505123

]]> https://www.tenable.com/plugins/ot/505122 https://www.tenable.com/plugins/ot/505122 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505122 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Erlang/OTP is a set of libraries for the Erlang programming language.
Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505122

]]> https://www.tenable.com/plugins/ot/505121 https://www.tenable.com/plugins/ot/505121 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505121 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505121

]]> https://www.tenable.com/plugins/ot/505120 https://www.tenable.com/plugins/ot/505120 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505120 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Allows modifying some file metadata (e.g. last modified) with filter=dataor file permissions (chmod) with filter=tarof files outside the extraction directory. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractall()or TarFile.extract()using the filter=parameter with a value of dataor tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction- filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter=changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505120

]]> https://www.tenable.com/plugins/ot/505119 https://www.tenable.com/plugins/ot/505119 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505119 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractall()or TarFile.extract()using the filter=parameter with a value of dataor tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction- filter for more information. Note that for Python 3.14 or later the default value of filter=changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505119

]]> https://www.tenable.com/plugins/ot/505118 https://www.tenable.com/plugins/ot/505118 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505118 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fix this by using list_first_entry_or_null instead of list_first_entry.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505118

]]> https://www.tenable.com/plugins/ot/505117 https://www.tenable.com/plugins/ot/505117 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505117 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505117

]]> https://www.tenable.com/plugins/ot/505116 https://www.tenable.com/plugins/ot/505116 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505116 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505116

]]> https://www.tenable.com/plugins/ot/505115 https://www.tenable.com/plugins/ot/505115 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505115 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505115

]]> https://www.tenable.com/plugins/ot/505114 https://www.tenable.com/plugins/ot/505114 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505114 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505114

]]> https://www.tenable.com/plugins/ot/505113 https://www.tenable.com/plugins/ot/505113 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505113 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error.
Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505113

]]> https://www.tenable.com/plugins/ot/505112 https://www.tenable.com/plugins/ot/505112 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505112 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm = reg_pair_to_ptr(...);//shm maybe return NULL tee_shm_free(shm); --> tee_shm_put(shm);//crash Add check in tee_shm_put to fix it. panic log: Unable to handle kernel paging request at virtual address 0000000000100cca Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000 [0000000000100cca] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP CPU: 2 PID: 14442 Comm:
systemd-sleep Tainted: P OE ------- ---- 6.6.0-39-generic #38 Source Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07 Hardware name:
greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0 10/26/2022 pstate:
80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc :
tee_shm_put+0x24/0x188 lr : tee_shm_free+0x14/0x28 sp :
ffff001f98f9faf0 x29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27:
0000000000000000 x26: ffff001f811344a0 x25: ffff8000818dac00 x24:
ffff800082d8d048 x23: ffff001f850fcd18 x22: 0000000000000001 x21:
ffff001f98f9fb88 x20: ffff001f83e76218 x19: ffff001f83e761e0 x18:
000000000000ffff x17: 303a30303a303030 x16: 0000000000000000 x15:
0000000000000003 x14: 0000000000000001 x13: 0000000000000000 x12:
0101010101010101 x11: 0000000000000001 x10: 0000000000000001 x9 :
ffff800080e08d0c x8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 :
0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 :
0000000000000000 x2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 :
0000000000100cca Call trace: tee_shm_put+0x24/0x188 tee_shm_free+0x14/0x28 __optee_disable_shm_cache+0xa8/0x108 optee_shutdown+0x28/0x38 platform_shutdown+0x28/0x40 device_shutdown+0x144/0x2b0 kernel_power_off+0x3c/0x80 hibernate+0x35c/0x388 state_store+0x64/0x80 kobj_attr_store+0x14/0x28 sysfs_kf_write+0x48/0x60 kernfs_fop_write_iter+0x128/0x1c0 vfs_write+0x270/0x370 ksys_write+0x6c/0x100
__arm64_sys_write+0x20/0x30 invoke_syscall+0x4c/0x120 el0_svc_common.constprop.0+0x44/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x24/0x88 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x14c/0x15

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505112

]]> https://www.tenable.com/plugins/ot/505111 https://www.tenable.com/plugins/ot/505111 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505111 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505111

]]> https://www.tenable.com/plugins/ot/505110 https://www.tenable.com/plugins/ot/505110 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505110 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f (cfg80211: track hidden SSID networks properly), adjust cfg80211_update_known_bss() to free the last beacon frame elements only if they're not shared via the corresponding 'hidden_beacon_bss' pointer.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505110

]]> https://www.tenable.com/plugins/ot/505109 https://www.tenable.com/plugins/ot/505109 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505109 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added
_OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand:
Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm:
swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name:
innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ...
Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.
Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505109

]]> https://www.tenable.com/plugins/ot/505108 https://www.tenable.com/plugins/ot/505108 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505108 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

When using a TarFile.errorlevel = 0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0in affected versions is that the member would still be extracted and not skipped.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505108

]]> https://www.tenable.com/plugins/ot/505107 https://www.tenable.com/plugins/ot/505107 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505107 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractall()or TarFile.extract()using the filter=parameter with a value of dataor tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction- filter for more information. Note that for Python 3.14 or later the default value of filter=changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505107

]]> https://www.tenable.com/plugins/ot/505106 https://www.tenable.com/plugins/ot/505106 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505106 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505106

]]> https://www.tenable.com/plugins/ot/505105 https://www.tenable.com/plugins/ot/505105 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505105 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractall()or TarFile.extract()using the filter=parameter with a value of dataor tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction- filter for more information. Note that for Python 3.14 or later the default value of filter=changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505105

]]> https://www.tenable.com/plugins/ot/505104 https://www.tenable.com/plugins/ot/505104 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505104 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505104

]]> https://www.tenable.com/plugins/ot/505103 https://www.tenable.com/plugins/ot/505103 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505103 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Load Configuration from Local PC functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC316-8 (6GK5324-8TS00-2AC2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2), SCALANCE XC332 (6GK5332-0GA00-2AC2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2), SCALANCE XC432 (6GK5432-0GR00-2AC2), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3), SCALANCE XR302-32 (6GK5334-5TS00-3AR3), SCALANCE XR302-32 (6GK5334-5TS00-4AR3), SCALANCE XR322-12 (6GK5334-3TS00-2AR3), SCALANCE XR322-12 (6GK5334-3TS00-3AR3), SCALANCE XR322-12 (6GK5334-3TS00-4AR3), SCALANCE XR326-8 (6GK5334-2TS00-2AR3), SCALANCE XR326-8 (6GK5334-2TS00-3AR3), SCALANCE XR326-8 (6GK5334-2TS00-4AR3), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3), SCALANCE XR502-32 (6GK5534-5TR00-2AR3), SCALANCE XR502-32 (6GK5534-5TR00-3AR3), SCALANCE XR502-32 (6GK5534-5TR00-4AR3), SCALANCE XR522-12 (6GK5534-3TR00-2AR3), SCALANCE XR522-12 (6GK5534-3TR00-3AR3), SCALANCE XR522-12 (6GK5534-3TR00-4AR3), SCALANCE XR526-8 (6GK5534-2TR00-2AR3), SCALANCE XR526-8 (6GK5534-2TR00-3AR3), SCALANCE XR526-8 (6GK5534-2TR00-4AR3), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3): Update to V3.2 or later version
- SCALANCE XCM332 (6GK5332-0GA01-2AC2): Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-693776 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/505103

]]> https://www.tenable.com/plugins/ot/505102 https://www.tenable.com/plugins/ot/505102 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505102 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505102

]]> https://www.tenable.com/plugins/ot/505101 https://www.tenable.com/plugins/ot/505101 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505101 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with [f]ixed for 2.46.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505101

]]> https://www.tenable.com/plugins/ot/505100 https://www.tenable.com/plugins/ot/505100 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505100 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505100

]]> https://www.tenable.com/plugins/ot/505099 https://www.tenable.com/plugins/ot/505099 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505099 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.
This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505099

]]> https://www.tenable.com/plugins/ot/505098 https://www.tenable.com/plugins/ot/505098 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505098 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC316-8 (6GK5324-8TS00-2AC2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2), SCALANCE XC332 (6GK5332-0GA00-2AC2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2), SCALANCE XC432 (6GK5432-0GR00-2AC2), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3), SCALANCE XR302-32 (6GK5334-5TS00-3AR3), SCALANCE XR302-32 (6GK5334-5TS00-4AR3), SCALANCE XR322-12 (6GK5334-3TS00-2AR3), SCALANCE XR322-12 (6GK5334-3TS00-3AR3), SCALANCE XR322-12 (6GK5334-3TS00-4AR3), SCALANCE XR326-8 (6GK5334-2TS00-2AR3), SCALANCE XR326-8 (6GK5334-2TS00-3AR3), SCALANCE XR326-8 (6GK5334-2TS00-4AR3), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3), SCALANCE XR502-32 (6GK5534-5TR00-2AR3), SCALANCE XR502-32 (6GK5534-5TR00-3AR3), SCALANCE XR502-32 (6GK5534-5TR00-4AR3), SCALANCE XR522-12 (6GK5534-3TR00-2AR3), SCALANCE XR522-12 (6GK5534-3TR00-3AR3), SCALANCE XR522-12 (6GK5534-3TR00-4AR3), SCALANCE XR526-8 (6GK5534-2TR00-2AR3), SCALANCE XR526-8 (6GK5534-2TR00-3AR3), SCALANCE XR526-8 (6GK5534-2TR00-4AR3), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3): Update to V3.2 or later version
- SCALANCE XCM332 (6GK5332-0GA01-2AC2): Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-693776 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/505098

]]> https://www.tenable.com/plugins/ot/505097 https://www.tenable.com/plugins/ot/505097 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505097 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505097

]]> https://www.tenable.com/plugins/ot/505096 https://www.tenable.com/plugins/ot/505096 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505096 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505096

]]> https://www.tenable.com/plugins/ot/505095 https://www.tenable.com/plugins/ot/505095 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505095 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505095

]]> https://www.tenable.com/plugins/ot/505094 https://www.tenable.com/plugins/ot/505094 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505094 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505094

]]> https://www.tenable.com/plugins/ot/505093 https://www.tenable.com/plugins/ot/505093 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505093 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505093

]]> https://www.tenable.com/plugins/ot/505092 https://www.tenable.com/plugins/ot/505092 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505092 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out- of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505092

]]> https://www.tenable.com/plugins/ot/505091 https://www.tenable.com/plugins/ot/505091 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505091 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505091

]]> https://www.tenable.com/plugins/ot/505090 https://www.tenable.com/plugins/ot/505090 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505090 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505090

]]> https://www.tenable.com/plugins/ot/505089 https://www.tenable.com/plugins/ot/505089 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505089 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule() futex_requeue() futex_proxy_trylock_atomic() futex_requeue_pi_prepare() requeue_pi_wake_futex() futex_requeue_pi_complete() /* preempt */ * timeout/ signal wakes T1 * futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED futex_hash_put() // back to userland, on stack futex_q is garbage /* back */ wake_up_state(q->task, TASK_NORMAL); In this scenario futex_wait_requeue_pi() is able to leave without using futex_q::lock_ptr for synchronization. This can be prevented by reading futex_q::task before updating the futex_q::requeue_state. A reference on the task_struct is not needed because requeue_pi_wake_futex() is invoked with a spinlock_t held which implies a RCU read section. Even if T1 terminates immediately after, the task_struct will remain valid during T2's wake_up_state().
A READ_ONCE on futex_q::task before futex_requeue_pi_complete() is enough because it ensures that the variable is read before the state is updated. Read futex_q::task before updating the requeue state, use it for the following wakeup.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505089

]]> https://www.tenable.com/plugins/ot/505088 https://www.tenable.com/plugins/ot/505088 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505088 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap- based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name:
6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505088

]]> https://www.tenable.com/plugins/ot/505087 https://www.tenable.com/plugins/ot/505087 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505087 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505087

]]> https://www.tenable.com/plugins/ot/505086 https://www.tenable.com/plugins/ot/505086 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505086 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505086

]]> https://www.tenable.com/plugins/ot/505085 https://www.tenable.com/plugins/ot/505085 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505085 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw has been found in GNU Binutils 2.45. Impacted is the function
_bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with [f]ixed for 2.46.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505085

]]> https://www.tenable.com/plugins/ot/505084 https://www.tenable.com/plugins/ot/505084 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505084 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505084

]]> https://www.tenable.com/plugins/ot/505083 https://www.tenable.com/plugins/ot/505083 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505083 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 (crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg) changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505083

]]> https://www.tenable.com/plugins/ot/505082 https://www.tenable.com/plugins/ot/505082 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505082 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out- of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name:
aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505082

]]> https://www.tenable.com/plugins/ot/505081 https://www.tenable.com/plugins/ot/505081 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505081 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505081

]]> https://www.tenable.com/plugins/ot/505080 https://www.tenable.com/plugins/ot/505080 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505080 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505080

]]> https://www.tenable.com/plugins/ot/505079 https://www.tenable.com/plugins/ot/505079 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505079 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/505079

]]> https://www.tenable.com/plugins/ot/505078 https://www.tenable.com/plugins/ot/505078 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505078 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to terminate legitimate users' sessions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC316-8 (6GK5324-8TS00-2AC2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2), SCALANCE XC332 (6GK5332-0GA00-2AC2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2), SCALANCE XC432 (6GK5432-0GR00-2AC2), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3), SCALANCE XR302-32 (6GK5334-5TS00-3AR3), SCALANCE XR302-32 (6GK5334-5TS00-4AR3), SCALANCE XR322-12 (6GK5334-3TS00-2AR3), SCALANCE XR322-12 (6GK5334-3TS00-3AR3), SCALANCE XR322-12 (6GK5334-3TS00-4AR3), SCALANCE XR326-8 (6GK5334-2TS00-2AR3), SCALANCE XR326-8 (6GK5334-2TS00-3AR3), SCALANCE XR326-8 (6GK5334-2TS00-4AR3), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3), SCALANCE XR502-32 (6GK5534-5TR00-2AR3), SCALANCE XR502-32 (6GK5534-5TR00-3AR3), SCALANCE XR502-32 (6GK5534-5TR00-4AR3), SCALANCE XR522-12 (6GK5534-3TR00-2AR3), SCALANCE XR522-12 (6GK5534-3TR00-3AR3), SCALANCE XR522-12 (6GK5534-3TR00-4AR3), SCALANCE XR526-8 (6GK5534-2TR00-2AR3), SCALANCE XR526-8 (6GK5534-2TR00-3AR3), SCALANCE XR526-8 (6GK5534-2TR00-4AR3), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3): Update to V3.2 or later version
- SCALANCE XCM332 (6GK5332-0GA01-2AC2): Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-693776 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/505078

]]> https://www.tenable.com/plugins/ot/505077 https://www.tenable.com/plugins/ot/505077 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505077 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505077

]]> https://www.tenable.com/plugins/ot/505076 https://www.tenable.com/plugins/ot/505076 Tue, 10 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505076 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack.
The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505076

]]> https://www.tenable.com/plugins/ot/505075 https://www.tenable.com/plugins/ot/505075 Fri, 06 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505075 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505075

]]> https://www.tenable.com/plugins/ot/505074 https://www.tenable.com/plugins/ot/505074 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505074 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505074

]]> https://www.tenable.com/plugins/ot/505073 https://www.tenable.com/plugins/ot/505073 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505073 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505073

]]> https://www.tenable.com/plugins/ot/505072 https://www.tenable.com/plugins/ot/505072 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505072 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505072

]]> https://www.tenable.com/plugins/ot/505071 https://www.tenable.com/plugins/ot/505071 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505071 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION.
For the details of the affected product names/model numbers, refer to the information provided by the vendor.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505071

]]> https://www.tenable.com/plugins/ot/505070 https://www.tenable.com/plugins/ot/505070 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505070 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505070

]]> https://www.tenable.com/plugins/ot/505069 https://www.tenable.com/plugins/ot/505069 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505069 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505069

]]> https://www.tenable.com/plugins/ot/505068 https://www.tenable.com/plugins/ot/505068 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505068 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery- mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505068

]]> https://www.tenable.com/plugins/ot/505067 https://www.tenable.com/plugins/ot/505067 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505067 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505067

]]> https://www.tenable.com/plugins/ot/505066 https://www.tenable.com/plugins/ot/505066 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505066 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505066

]]> https://www.tenable.com/plugins/ot/505065 https://www.tenable.com/plugins/ot/505065 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505065 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505065

]]> https://www.tenable.com/plugins/ot/505064 https://www.tenable.com/plugins/ot/505064 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505064 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505064

]]> https://www.tenable.com/plugins/ot/505063 https://www.tenable.com/plugins/ot/505063 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505063 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505063

]]> https://www.tenable.com/plugins/ot/505062 https://www.tenable.com/plugins/ot/505062 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505062 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505062

]]> https://www.tenable.com/plugins/ot/505061 https://www.tenable.com/plugins/ot/505061 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505061 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION.
For the details of the affected product names/model numbers, refer to the information provided by the vendor.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505061

]]> https://www.tenable.com/plugins/ot/505060 https://www.tenable.com/plugins/ot/505060 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505060 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery- mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505060

]]> https://www.tenable.com/plugins/ot/505059 https://www.tenable.com/plugins/ot/505059 Thu, 05 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505059 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505059

]]> https://www.tenable.com/plugins/ot/505058 https://www.tenable.com/plugins/ot/505058 Wed, 04 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505058 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache.
That cached poisoned content could then be served to all users of that proxy.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505058

]]> https://www.tenable.com/plugins/ot/505057 https://www.tenable.com/plugins/ot/505057 Wed, 04 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505057 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505057

]]> https://www.tenable.com/plugins/ot/505056 https://www.tenable.com/plugins/ot/505056 Wed, 04 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505056 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505056

]]> https://www.tenable.com/plugins/ot/505055 https://www.tenable.com/plugins/ot/505055 Wed, 04 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505055 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files.
Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505055

]]> https://www.tenable.com/plugins/ot/505054 https://www.tenable.com/plugins/ot/505054 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505054 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505054

]]> https://www.tenable.com/plugins/ot/505053 https://www.tenable.com/plugins/ot/505053 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505053 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505053

]]> https://www.tenable.com/plugins/ot/505052 https://www.tenable.com/plugins/ot/505052 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505052 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505052

]]> https://www.tenable.com/plugins/ot/505051 https://www.tenable.com/plugins/ot/505051 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505051 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505051

]]> https://www.tenable.com/plugins/ot/505050 https://www.tenable.com/plugins/ot/505050 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505050 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505050

]]> https://www.tenable.com/plugins/ot/505049 https://www.tenable.com/plugins/ot/505049 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505049 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505049

]]> https://www.tenable.com/plugins/ot/505048 https://www.tenable.com/plugins/ot/505048 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505048 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505048

]]> https://www.tenable.com/plugins/ot/505047 https://www.tenable.com/plugins/ot/505047 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505047 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505047

]]> https://www.tenable.com/plugins/ot/505046 https://www.tenable.com/plugins/ot/505046 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505046 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505046

]]> https://www.tenable.com/plugins/ot/505045 https://www.tenable.com/plugins/ot/505045 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505045 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505045

]]> https://www.tenable.com/plugins/ot/505044 https://www.tenable.com/plugins/ot/505044 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505044 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505044

]]> https://www.tenable.com/plugins/ot/505043 https://www.tenable.com/plugins/ot/505043 Tue, 03 Feb 2026 00:00:00 GMT Tenable OT Security Plugin ID 505043 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505043

]]> https://www.tenable.com/plugins/ot/505042 https://www.tenable.com/plugins/ot/505042 Fri, 30 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505042 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505042

]]> https://www.tenable.com/plugins/ot/505041 https://www.tenable.com/plugins/ot/505041 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505041 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505041

]]> https://www.tenable.com/plugins/ot/505040 https://www.tenable.com/plugins/ot/505040 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505040 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505040

]]> https://www.tenable.com/plugins/ot/505039 https://www.tenable.com/plugins/ot/505039 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505039 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505039

]]> https://www.tenable.com/plugins/ot/505038 https://www.tenable.com/plugins/ot/505038 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505038 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505038

]]> https://www.tenable.com/plugins/ot/505037 https://www.tenable.com/plugins/ot/505037 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505037 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505037

]]> https://www.tenable.com/plugins/ot/505036 https://www.tenable.com/plugins/ot/505036 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505036 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505036

]]> https://www.tenable.com/plugins/ot/505035 https://www.tenable.com/plugins/ot/505035 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505035 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505035

]]> https://www.tenable.com/plugins/ot/505034 https://www.tenable.com/plugins/ot/505034 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505034 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505034

]]> https://www.tenable.com/plugins/ot/505033 https://www.tenable.com/plugins/ot/505033 Wed, 21 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505033 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device's model, firmware version, IP address, and serial number.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505033

]]> https://www.tenable.com/plugins/ot/505032 https://www.tenable.com/plugins/ot/505032 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505032 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505032

]]> https://www.tenable.com/plugins/ot/505031 https://www.tenable.com/plugins/ot/505031 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505031 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505031

]]> https://www.tenable.com/plugins/ot/505030 https://www.tenable.com/plugins/ot/505030 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505030 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505030

]]> https://www.tenable.com/plugins/ot/505029 https://www.tenable.com/plugins/ot/505029 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505029 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505029

]]> https://www.tenable.com/plugins/ot/505028 https://www.tenable.com/plugins/ot/505028 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505028 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505028

]]> https://www.tenable.com/plugins/ot/505027 https://www.tenable.com/plugins/ot/505027 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505027 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505027

]]> https://www.tenable.com/plugins/ot/505026 https://www.tenable.com/plugins/ot/505026 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505026 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505026

]]> https://www.tenable.com/plugins/ot/505025 https://www.tenable.com/plugins/ot/505025 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505025 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505025

]]> https://www.tenable.com/plugins/ot/505024 https://www.tenable.com/plugins/ot/505024 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505024 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505024

]]> https://www.tenable.com/plugins/ot/505023 https://www.tenable.com/plugins/ot/505023 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505023 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505023

]]> https://www.tenable.com/plugins/ot/505022 https://www.tenable.com/plugins/ot/505022 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505022 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505022

]]> https://www.tenable.com/plugins/ot/505021 https://www.tenable.com/plugins/ot/505021 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505021 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505021

]]> https://www.tenable.com/plugins/ot/505020 https://www.tenable.com/plugins/ot/505020 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505020 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505020

]]> https://www.tenable.com/plugins/ot/505019 https://www.tenable.com/plugins/ot/505019 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505019 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505019

]]> https://www.tenable.com/plugins/ot/505018 https://www.tenable.com/plugins/ot/505018 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505018 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505018

]]> https://www.tenable.com/plugins/ot/505017 https://www.tenable.com/plugins/ot/505017 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505017 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505017

]]> https://www.tenable.com/plugins/ot/505016 https://www.tenable.com/plugins/ot/505016 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505016 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505016

]]> https://www.tenable.com/plugins/ot/505015 https://www.tenable.com/plugins/ot/505015 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505015 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505015

]]> https://www.tenable.com/plugins/ot/505014 https://www.tenable.com/plugins/ot/505014 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505014 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505014

]]> https://www.tenable.com/plugins/ot/505013 https://www.tenable.com/plugins/ot/505013 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505013 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505013

]]> https://www.tenable.com/plugins/ot/505012 https://www.tenable.com/plugins/ot/505012 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505012 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505012

]]> https://www.tenable.com/plugins/ot/505011 https://www.tenable.com/plugins/ot/505011 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505011 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505011

]]> https://www.tenable.com/plugins/ot/505010 https://www.tenable.com/plugins/ot/505010 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505010 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505010

]]> https://www.tenable.com/plugins/ot/505009 https://www.tenable.com/plugins/ot/505009 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505009 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505009

]]> https://www.tenable.com/plugins/ot/505008 https://www.tenable.com/plugins/ot/505008 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505008 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505008

]]> https://www.tenable.com/plugins/ot/505007 https://www.tenable.com/plugins/ot/505007 Tue, 20 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505007 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505007

]]> https://www.tenable.com/plugins/ot/505006 https://www.tenable.com/plugins/ot/505006 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505006 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505006

]]> https://www.tenable.com/plugins/ot/505005 https://www.tenable.com/plugins/ot/505005 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505005 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505005

]]> https://www.tenable.com/plugins/ot/505004 https://www.tenable.com/plugins/ot/505004 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505004 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505004

]]> https://www.tenable.com/plugins/ot/505003 https://www.tenable.com/plugins/ot/505003 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505003 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505003

]]> https://www.tenable.com/plugins/ot/505002 https://www.tenable.com/plugins/ot/505002 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505002 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505002

]]> https://www.tenable.com/plugins/ot/505001 https://www.tenable.com/plugins/ot/505001 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505001 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2627 build 20231225 and later QuTS hero h4.5.4.2626 build 20231225 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505001

]]> https://www.tenable.com/plugins/ot/505000 https://www.tenable.com/plugins/ot/505000 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 505000 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505000

]]> https://www.tenable.com/plugins/ot/504999 https://www.tenable.com/plugins/ot/504999 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504999 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of- service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504999

]]> https://www.tenable.com/plugins/ot/504998 https://www.tenable.com/plugins/ot/504998 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504998 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504998

]]> https://www.tenable.com/plugins/ot/504997 https://www.tenable.com/plugins/ot/504997 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504997 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504997

]]> https://www.tenable.com/plugins/ot/504996 https://www.tenable.com/plugins/ot/504996 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504996 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504996

]]> https://www.tenable.com/plugins/ot/504995 https://www.tenable.com/plugins/ot/504995 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504995 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504995

]]> https://www.tenable.com/plugins/ot/504994 https://www.tenable.com/plugins/ot/504994 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504994 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504994

]]> https://www.tenable.com/plugins/ot/504993 https://www.tenable.com/plugins/ot/504993 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504993 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504993

]]> https://www.tenable.com/plugins/ot/504992 https://www.tenable.com/plugins/ot/504992 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504992 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504992

]]> https://www.tenable.com/plugins/ot/504991 https://www.tenable.com/plugins/ot/504991 Mon, 19 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504991 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets.
An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504991

]]> https://www.tenable.com/plugins/ot/504990 https://www.tenable.com/plugins/ot/504990 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504990 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504990

]]> https://www.tenable.com/plugins/ot/504989 https://www.tenable.com/plugins/ot/504989 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504989 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504989

]]> https://www.tenable.com/plugins/ot/504988 https://www.tenable.com/plugins/ot/504988 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504988 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504988

]]> https://www.tenable.com/plugins/ot/504987 https://www.tenable.com/plugins/ot/504987 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504987 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504987

]]> https://www.tenable.com/plugins/ot/504986 https://www.tenable.com/plugins/ot/504986 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504986 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504986

]]> https://www.tenable.com/plugins/ot/504985 https://www.tenable.com/plugins/ot/504985 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504985 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504985

]]> https://www.tenable.com/plugins/ot/504984 https://www.tenable.com/plugins/ot/504984 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504984 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504984

]]> https://www.tenable.com/plugins/ot/504983 https://www.tenable.com/plugins/ot/504983 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504983 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504983

]]> https://www.tenable.com/plugins/ot/504982 https://www.tenable.com/plugins/ot/504982 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504982 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504982

]]> https://www.tenable.com/plugins/ot/504981 https://www.tenable.com/plugins/ot/504981 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504981 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504981

]]> https://www.tenable.com/plugins/ot/504980 https://www.tenable.com/plugins/ot/504980 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504980 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504980

]]> https://www.tenable.com/plugins/ot/504979 https://www.tenable.com/plugins/ot/504979 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504979 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504979

]]> https://www.tenable.com/plugins/ot/504978 https://www.tenable.com/plugins/ot/504978 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504978 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504978

]]> https://www.tenable.com/plugins/ot/504977 https://www.tenable.com/plugins/ot/504977 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504977 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504977

]]> https://www.tenable.com/plugins/ot/504976 https://www.tenable.com/plugins/ot/504976 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504976 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504976

]]> https://www.tenable.com/plugins/ot/504975 https://www.tenable.com/plugins/ot/504975 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504975 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504975

]]> https://www.tenable.com/plugins/ot/504974 https://www.tenable.com/plugins/ot/504974 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504974 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504974

]]> https://www.tenable.com/plugins/ot/504973 https://www.tenable.com/plugins/ot/504973 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504973 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504973

]]> https://www.tenable.com/plugins/ot/504972 https://www.tenable.com/plugins/ot/504972 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504972 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504972

]]> https://www.tenable.com/plugins/ot/504971 https://www.tenable.com/plugins/ot/504971 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504971 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504971

]]> https://www.tenable.com/plugins/ot/504970 https://www.tenable.com/plugins/ot/504970 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504970 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504970

]]> https://www.tenable.com/plugins/ot/504969 https://www.tenable.com/plugins/ot/504969 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504969 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504969

]]> https://www.tenable.com/plugins/ot/504968 https://www.tenable.com/plugins/ot/504968 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504968 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504968

]]> https://www.tenable.com/plugins/ot/504967 https://www.tenable.com/plugins/ot/504967 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504967 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504967

]]> https://www.tenable.com/plugins/ot/504966 https://www.tenable.com/plugins/ot/504966 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504966 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504966

]]> https://www.tenable.com/plugins/ot/504965 https://www.tenable.com/plugins/ot/504965 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504965 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504965

]]> https://www.tenable.com/plugins/ot/504964 https://www.tenable.com/plugins/ot/504964 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504964 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504964

]]> https://www.tenable.com/plugins/ot/504963 https://www.tenable.com/plugins/ot/504963 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504963 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504963

]]> https://www.tenable.com/plugins/ot/504962 https://www.tenable.com/plugins/ot/504962 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504962 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504962

]]> https://www.tenable.com/plugins/ot/504961 https://www.tenable.com/plugins/ot/504961 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504961 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504961

]]> https://www.tenable.com/plugins/ot/504960 https://www.tenable.com/plugins/ot/504960 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504960 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504960

]]> https://www.tenable.com/plugins/ot/504959 https://www.tenable.com/plugins/ot/504959 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504959 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504959

]]> https://www.tenable.com/plugins/ot/504958 https://www.tenable.com/plugins/ot/504958 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504958 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504958

]]> https://www.tenable.com/plugins/ot/504957 https://www.tenable.com/plugins/ot/504957 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504957 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504957

]]> https://www.tenable.com/plugins/ot/504956 https://www.tenable.com/plugins/ot/504956 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504956 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco Systems, Inc. (Cisco) released an advisory regarding a vulnerability in the logic that handles access control to a hardware component in Cisco's proprietary Secure Boot implementation. If successfully exploited, an attacker could write a modified firmware image to the component. The Allen-Bradley Stratix 5950 utilizes Cisco's proprietary Secure Boot implementation.

Customers using affected versions of this product are encouraged to evaluate the mitigations provided below and apply any appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided below.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users update to firmware version FRN v6.4.0, which addresses the reported vulnerability.

Rockwell also provides the following general security guidelines:

- Utilize proper network infrastructure controls, such as firewalls, to help ensure that requests from unauthorized sources are blocked and the controls are isolated from the business network.
- Consult the product documentation for specific features, such as access control lists and deep packet inspection, that may be used to block unauthorized changes, etc.
- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the manufacturing zone by blocking or restricting access to TCP and UDP Port 2222 and Port 44818, using proper network infrastructure controls such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation products, see Knowledgebase Article ID 898270.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Read more at https://www.tenable.com/plugins/ot/504956

]]> https://www.tenable.com/plugins/ot/504955 https://www.tenable.com/plugins/ot/504955 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504955 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504955

]]> https://www.tenable.com/plugins/ot/504954 https://www.tenable.com/plugins/ot/504954 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504954 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504954

]]> https://www.tenable.com/plugins/ot/504953 https://www.tenable.com/plugins/ot/504953 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504953 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504953

]]> https://www.tenable.com/plugins/ot/504952 https://www.tenable.com/plugins/ot/504952 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504952 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504952

]]> https://www.tenable.com/plugins/ot/504951 https://www.tenable.com/plugins/ot/504951 Fri, 16 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504951 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user's host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504951

]]> https://www.tenable.com/plugins/ot/504950 https://www.tenable.com/plugins/ot/504950 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504950 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-112551163References: Upstream kernel

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504950

]]> https://www.tenable.com/plugins/ot/504949 https://www.tenable.com/plugins/ot/504949 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504949 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504949

]]> https://www.tenable.com/plugins/ot/504948 https://www.tenable.com/plugins/ot/504948 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504948 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504948

]]> https://www.tenable.com/plugins/ot/504947 https://www.tenable.com/plugins/ot/504947 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504947 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc:
CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re- used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504947

]]> https://www.tenable.com/plugins/ot/504946 https://www.tenable.com/plugins/ot/504946 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504946 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504946

]]> https://www.tenable.com/plugins/ot/504945 https://www.tenable.com/plugins/ot/504945 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504945 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered in FRRouting FRR through 9.0.
bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504945

]]> https://www.tenable.com/plugins/ot/504944 https://www.tenable.com/plugins/ot/504944 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504944 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504944

]]> https://www.tenable.com/plugins/ot/504943 https://www.tenable.com/plugins/ot/504943 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504943 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs.
This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504943

]]> https://www.tenable.com/plugins/ot/504942 https://www.tenable.com/plugins/ot/504942 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504942 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to:
if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504942

]]> https://www.tenable.com/plugins/ot/504941 https://www.tenable.com/plugins/ot/504941 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504941 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504941

]]> https://www.tenable.com/plugins/ot/504940 https://www.tenable.com/plugins/ot/504940 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504940 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504940

]]> https://www.tenable.com/plugins/ot/504939 https://www.tenable.com/plugins/ot/504939 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504939 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504939

]]> https://www.tenable.com/plugins/ot/504938 https://www.tenable.com/plugins/ot/504938 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504938 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504938

]]> https://www.tenable.com/plugins/ot/504937 https://www.tenable.com/plugins/ot/504937 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504937 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504937

]]> https://www.tenable.com/plugins/ot/504936 https://www.tenable.com/plugins/ot/504936 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504936 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504936

]]> https://www.tenable.com/plugins/ot/504935 https://www.tenable.com/plugins/ot/504935 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504935 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used group blacklisting (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504935

]]> https://www.tenable.com/plugins/ot/504934 https://www.tenable.com/plugins/ot/504934 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504934 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504934

]]> https://www.tenable.com/plugins/ot/504933 https://www.tenable.com/plugins/ot/504933 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504933 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504933

]]> https://www.tenable.com/plugins/ot/504932 https://www.tenable.com/plugins/ot/504932 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504932 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504932

]]> https://www.tenable.com/plugins/ot/504931 https://www.tenable.com/plugins/ot/504931 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504931 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504931

]]> https://www.tenable.com/plugins/ot/504930 https://www.tenable.com/plugins/ot/504930 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504930 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504930

]]> https://www.tenable.com/plugins/ot/504929 https://www.tenable.com/plugins/ot/504929 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504929 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504929

]]> https://www.tenable.com/plugins/ot/504928 https://www.tenable.com/plugins/ot/504928 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504928 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function.
This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504928

]]> https://www.tenable.com/plugins/ot/504927 https://www.tenable.com/plugins/ot/504927 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504927 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc:
CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re- used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504927

]]> https://www.tenable.com/plugins/ot/504926 https://www.tenable.com/plugins/ot/504926 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504926 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504926

]]> https://www.tenable.com/plugins/ot/504925 https://www.tenable.com/plugins/ot/504925 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504925 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504925

]]> https://www.tenable.com/plugins/ot/504924 https://www.tenable.com/plugins/ot/504924 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504924 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504924

]]> https://www.tenable.com/plugins/ot/504923 https://www.tenable.com/plugins/ot/504923 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504923 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504923

]]> https://www.tenable.com/plugins/ot/504922 https://www.tenable.com/plugins/ot/504922 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504922 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504922

]]> https://www.tenable.com/plugins/ot/504921 https://www.tenable.com/plugins/ot/504921 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504921 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An information disclosure vulnerability exists in curl This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504921

]]> https://www.tenable.com/plugins/ot/504920 https://www.tenable.com/plugins/ot/504920 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504920 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An integer coercion error was found in the openvswitch kernel module.
Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504920

]]> https://www.tenable.com/plugins/ot/504919 https://www.tenable.com/plugins/ot/504919 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504919 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504919

]]> https://www.tenable.com/plugins/ot/504918 https://www.tenable.com/plugins/ot/504918 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504918 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504918

]]> https://www.tenable.com/plugins/ot/504917 https://www.tenable.com/plugins/ot/504917 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504917 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504917

]]> https://www.tenable.com/plugins/ot/504916 https://www.tenable.com/plugins/ot/504916 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504916 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504916

]]> https://www.tenable.com/plugins/ot/504915 https://www.tenable.com/plugins/ot/504915 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504915 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504915

]]> https://www.tenable.com/plugins/ot/504914 https://www.tenable.com/plugins/ot/504914 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504914 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

CPython 3.9 and earlier doesn't disallow configuring an empty list ([]) for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504914

]]> https://www.tenable.com/plugins/ot/504913 https://www.tenable.com/plugins/ot/504913 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504913 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.
next->prev should be prev (ffffff80651764d0), but was ffffff883dc36f80. (next=ffffff80651764d0). [ 361.904380] [1:
irq/191-dwc3:16979] Call trace: [ 361.904391] [1:
irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1:
irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1:
irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4 [ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1:
irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465] [1:
irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504913

]]> https://www.tenable.com/plugins/ot/504912 https://www.tenable.com/plugins/ot/504912 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504912 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504912

]]> https://www.tenable.com/plugins/ot/504911 https://www.tenable.com/plugins/ot/504911 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504911 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504911

]]> https://www.tenable.com/plugins/ot/504910 https://www.tenable.com/plugins/ot/504910 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504910 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN:
use-after-free in rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 [Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 [Thu Feb 10 12:59:06 2022] Hardware name:
Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 [Thu Feb 10 12:59:06 2022] Call Trace:
[Thu Feb 10 12:59:06 2022] [Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 [Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022]
__asan_load8+0x86/0xa0 [Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0 [Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0 [Thu Feb 10 12:59:06 2022] ?
__this_cpu_preempt_check+0x13/0x20 [Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140 [Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10 [Thu Feb 10 12:59:06 2022]
__do_softirq+0x1d4/0x67b [Thu Feb 10 12:59:06 2022]
__irq_exit_rcu+0x100/0x150 [Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30 [Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0 ... [Thu Feb 10 12:59:07 2022] Freed by task 58179: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30 [Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40 [Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170 [Thu Feb 10 12:59:07 2022]
__kasan_slab_free+0x12/0x20 [Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0 [Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022]
__x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae [Thu Feb 10 12:59:07 2022] Last potentially related work creation: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022]
__kasan_record_aux_stack+0xb6/0xc0 [Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10 [Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0 [Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022]
__x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504910

]]> https://www.tenable.com/plugins/ot/504909 https://www.tenable.com/plugins/ot/504909 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504909 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504909

]]> https://www.tenable.com/plugins/ot/504908 https://www.tenable.com/plugins/ot/504908 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504908 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released update V2.4 for SCALANCE X-300 and recommends updating to the latest version.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-806742 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504908

]]> https://www.tenable.com/plugins/ot/504907 https://www.tenable.com/plugins/ot/504907 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504907 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504907

]]> https://www.tenable.com/plugins/ot/504906 https://www.tenable.com/plugins/ot/504906 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504906 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504906

]]> https://www.tenable.com/plugins/ot/504905 https://www.tenable.com/plugins/ot/504905 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504905 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out- of-bounds writes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504905

]]> https://www.tenable.com/plugins/ot/504904 https://www.tenable.com/plugins/ot/504904 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504904 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504904

]]> https://www.tenable.com/plugins/ot/504903 https://www.tenable.com/plugins/ot/504903 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504903 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504903

]]> https://www.tenable.com/plugins/ot/504902 https://www.tenable.com/plugins/ot/504902 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504902 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504902

]]> https://www.tenable.com/plugins/ot/504901 https://www.tenable.com/plugins/ot/504901 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504901 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504901

]]> https://www.tenable.com/plugins/ot/504900 https://www.tenable.com/plugins/ot/504900 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504900 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

he urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504900

]]> https://www.tenable.com/plugins/ot/504899 https://www.tenable.com/plugins/ot/504899 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504899 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504899

]]> https://www.tenable.com/plugins/ot/504898 https://www.tenable.com/plugins/ot/504898 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504898 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504898

]]> https://www.tenable.com/plugins/ot/504897 https://www.tenable.com/plugins/ot/504897 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504897 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504897

]]> https://www.tenable.com/plugins/ot/504896 https://www.tenable.com/plugins/ot/504896 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504896 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504896

]]> https://www.tenable.com/plugins/ot/504895 https://www.tenable.com/plugins/ot/504895 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504895 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504895

]]> https://www.tenable.com/plugins/ot/504894 https://www.tenable.com/plugins/ot/504894 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504894 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504894

]]> https://www.tenable.com/plugins/ot/504893 https://www.tenable.com/plugins/ot/504893 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504893 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504893

]]> https://www.tenable.com/plugins/ot/504892 https://www.tenable.com/plugins/ot/504892 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504892 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504892

]]> https://www.tenable.com/plugins/ot/504891 https://www.tenable.com/plugins/ot/504891 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504891 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504891

]]> https://www.tenable.com/plugins/ot/504890 https://www.tenable.com/plugins/ot/504890 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504890 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504890

]]> https://www.tenable.com/plugins/ot/504889 https://www.tenable.com/plugins/ot/504889 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504889 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field target->sensf_res at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504889

]]> https://www.tenable.com/plugins/ot/504888 https://www.tenable.com/plugins/ot/504888 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504888 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504888

]]> https://www.tenable.com/plugins/ot/504887 https://www.tenable.com/plugins/ot/504887 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504887 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c.
Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive.
Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504887

]]> https://www.tenable.com/plugins/ot/504886 https://www.tenable.com/plugins/ot/504886 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504886 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Update all of the affected products to v7.2 or later version or the software.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens page for Industrial Security.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-419740 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504886

]]> https://www.tenable.com/plugins/ot/504885 https://www.tenable.com/plugins/ot/504885 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504885 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504885

]]> https://www.tenable.com/plugins/ot/504884 https://www.tenable.com/plugins/ot/504884 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504884 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504884

]]> https://www.tenable.com/plugins/ot/504883 https://www.tenable.com/plugins/ot/504883 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504883 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504883

]]> https://www.tenable.com/plugins/ot/504882 https://www.tenable.com/plugins/ot/504882 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504882 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504882

]]> https://www.tenable.com/plugins/ot/504881 https://www.tenable.com/plugins/ot/504881 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504881 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504881

]]> https://www.tenable.com/plugins/ot/504880 https://www.tenable.com/plugins/ot/504880 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504880 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504880

]]> https://www.tenable.com/plugins/ot/504879 https://www.tenable.com/plugins/ot/504879 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504879 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504879

]]> https://www.tenable.com/plugins/ot/504878 https://www.tenable.com/plugins/ot/504878 Fri, 09 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504878 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Read more at https://www.tenable.com/plugins/ot/504878

]]> https://www.tenable.com/plugins/ot/504877 https://www.tenable.com/plugins/ot/504877 Tue, 06 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504877 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504877

]]> https://www.tenable.com/plugins/ot/504876 https://www.tenable.com/plugins/ot/504876 Tue, 06 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504876 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504876

]]> https://www.tenable.com/plugins/ot/504875 https://www.tenable.com/plugins/ot/504875 Tue, 06 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504875 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504875

]]> https://www.tenable.com/plugins/ot/504874 https://www.tenable.com/plugins/ot/504874 Tue, 06 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504874 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504874

]]> https://www.tenable.com/plugins/ot/504873 https://www.tenable.com/plugins/ot/504873 Tue, 06 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504873 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504873

]]> https://www.tenable.com/plugins/ot/504872 https://www.tenable.com/plugins/ot/504872 Fri, 02 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504872 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504872

]]> https://www.tenable.com/plugins/ot/504871 https://www.tenable.com/plugins/ot/504871 Fri, 02 Jan 2026 00:00:00 GMT Tenable OT Security Plugin ID 504871 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504871

]]> https://www.tenable.com/plugins/ot/504870 https://www.tenable.com/plugins/ot/504870 Tue, 23 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504870 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504870

]]> https://www.tenable.com/plugins/ot/504869 https://www.tenable.com/plugins/ot/504869 Mon, 22 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504869 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504869

]]> https://www.tenable.com/plugins/ot/504868 https://www.tenable.com/plugins/ot/504868 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504868 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in
- LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions)
- LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions)
- LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions)
- LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions)
- LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions)
- LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions)
- LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions)
- LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions)
- SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions)
- SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions)
- SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions)
- SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions)
- SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions)
- SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions)
- SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions)
- SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions).


Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens is preparing fixed versions and recommends specific countermeasures for products where fixes are not available or not yet available. Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- (CVE-2025-40815) Protect the LSC access to the device with a strong password. Currently no fix is available.
- (CVE-2025-40816, CVE-2025-40817) Restrict network access to port 10006/udp to trusted IP addresses. Currently no fix is planned.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-267056 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504868

]]> https://www.tenable.com/plugins/ot/504867 https://www.tenable.com/plugins/ot/504867 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504867 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in
- LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions)
- LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions)
- LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions)
- LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions)
- LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions)
- LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions)
- LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions)
- LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions)
- SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions)
- SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions)
- SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions)
- SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions)
- SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions)
- SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions)
- SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions)
- SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions).

Affected devices do not conduct certain validations when interacting with them.
This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens is preparing fixed versions and recommends specific countermeasures for products where fixes are not available or not yet available. Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- (CVE-2025-40815) Protect the LSC access to the device with a strong password. Currently no fix is available.
- (CVE-2025-40816, CVE-2025-40817) Restrict network access to port 10006/udp to trusted IP addresses. Currently no fix is planned.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-267056 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504867

]]> https://www.tenable.com/plugins/ot/504866 https://www.tenable.com/plugins/ot/504866 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504866 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in
- LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions)
- LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions)
- LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions)
- LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions)
- LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions)
- LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions)
- LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions)
- LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions)
- SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions)
- SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions)
- SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions)
- SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions)
- SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions)
- SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions)
- SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions)
- SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions).

Affected devices do not conduct certain validations when interacting with them.
This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens is preparing fixed versions and recommends specific countermeasures for products where fixes are not available or not yet available. Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- (CVE-2025-40815) Protect the LSC access to the device with a strong password. Currently no fix is available.
- (CVE-2025-40816, CVE-2025-40817) Restrict network access to port 10006/udp to trusted IP addresses. Currently no fix is planned.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-267056 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504866

]]> https://www.tenable.com/plugins/ot/504865 https://www.tenable.com/plugins/ot/504865 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504865 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504865

]]> https://www.tenable.com/plugins/ot/504864 https://www.tenable.com/plugins/ot/504864 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504864 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504864

]]> https://www.tenable.com/plugins/ot/504863 https://www.tenable.com/plugins/ot/504863 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504863 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504863

]]> https://www.tenable.com/plugins/ot/504862 https://www.tenable.com/plugins/ot/504862 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504862 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An authenticated attacker can disclose the password of a configured external service.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504862

]]> https://www.tenable.com/plugins/ot/504861 https://www.tenable.com/plugins/ot/504861 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504861 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site request forgery vulnerability (CWE-352, CWE-862) was found in the Web Connection.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504861

]]> https://www.tenable.com/plugins/ot/504860 https://www.tenable.com/plugins/ot/504860 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504860 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Through the use of eSCL or SNMP protocols, an attacker can retrieve the serial number of a printer. By applying the attack technique described in CVE-2024-51978, the default administrator password can be derived from the obtained serial number. Consequently, if the administrator password has not been changed from its default setting, there is a risk that an attacker could use the generated password to gain unauthorized control of the device.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504860

]]> https://www.tenable.com/plugins/ot/504859 https://www.tenable.com/plugins/ot/504859 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504859 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An attacker could bypass the tamper detection feature of the firmware and install malicious firmware.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504859

]]> https://www.tenable.com/plugins/ot/504858 https://www.tenable.com/plugins/ot/504858 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504858 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site scripting vulnerability (CWE94, CWE-79) was found in the specific input fields of the Web Connection.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504858

]]> https://www.tenable.com/plugins/ot/504857 https://www.tenable.com/plugins/ot/504857 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504857 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504857

]]> https://www.tenable.com/plugins/ot/504856 https://www.tenable.com/plugins/ot/504856 Fri, 19 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504856 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Importing a malformed file in [Registration of Certification Information] for S/MIME for Email Destination causes the Web Connection to stop.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504856

]]> https://www.tenable.com/plugins/ot/504855 https://www.tenable.com/plugins/ot/504855 Tue, 16 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504855 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504855

]]> https://www.tenable.com/plugins/ot/504854 https://www.tenable.com/plugins/ot/504854 Tue, 16 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504854 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504854

]]> https://www.tenable.com/plugins/ot/504853 https://www.tenable.com/plugins/ot/504853 Tue, 16 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504853 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504853

]]> https://www.tenable.com/plugins/ot/504852 https://www.tenable.com/plugins/ot/504852 Tue, 16 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504852 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504852

]]> https://www.tenable.com/plugins/ot/504851 https://www.tenable.com/plugins/ot/504851 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504851 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504851

]]> https://www.tenable.com/plugins/ot/504850 https://www.tenable.com/plugins/ot/504850 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504850 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504850

]]> https://www.tenable.com/plugins/ot/504849 https://www.tenable.com/plugins/ot/504849 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504849 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504849

]]> https://www.tenable.com/plugins/ot/504848 https://www.tenable.com/plugins/ot/504848 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504848 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504848

]]> https://www.tenable.com/plugins/ot/504847 https://www.tenable.com/plugins/ot/504847 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504847 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504847

]]> https://www.tenable.com/plugins/ot/504846 https://www.tenable.com/plugins/ot/504846 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504846 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504846

]]> https://www.tenable.com/plugins/ot/504845 https://www.tenable.com/plugins/ot/504845 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504845 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504845

]]> https://www.tenable.com/plugins/ot/504844 https://www.tenable.com/plugins/ot/504844 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504844 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504844

]]> https://www.tenable.com/plugins/ot/504843 https://www.tenable.com/plugins/ot/504843 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504843 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504843

]]> https://www.tenable.com/plugins/ot/504842 https://www.tenable.com/plugins/ot/504842 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504842 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504842

]]> https://www.tenable.com/plugins/ot/504841 https://www.tenable.com/plugins/ot/504841 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504841 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504841

]]> https://www.tenable.com/plugins/ot/504840 https://www.tenable.com/plugins/ot/504840 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504840 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504840

]]> https://www.tenable.com/plugins/ot/504839 https://www.tenable.com/plugins/ot/504839 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504839 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504839

]]> https://www.tenable.com/plugins/ot/504838 https://www.tenable.com/plugins/ot/504838 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504838 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504838

]]> https://www.tenable.com/plugins/ot/504837 https://www.tenable.com/plugins/ot/504837 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504837 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504837

]]> https://www.tenable.com/plugins/ot/504836 https://www.tenable.com/plugins/ot/504836 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504836 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504836

]]> https://www.tenable.com/plugins/ot/504835 https://www.tenable.com/plugins/ot/504835 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504835 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504835

]]> https://www.tenable.com/plugins/ot/504834 https://www.tenable.com/plugins/ot/504834 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504834 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504834

]]> https://www.tenable.com/plugins/ot/504833 https://www.tenable.com/plugins/ot/504833 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504833 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504833

]]> https://www.tenable.com/plugins/ot/504832 https://www.tenable.com/plugins/ot/504832 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504832 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504832

]]> https://www.tenable.com/plugins/ot/504831 https://www.tenable.com/plugins/ot/504831 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504831 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504831

]]> https://www.tenable.com/plugins/ot/504830 https://www.tenable.com/plugins/ot/504830 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504830 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504830

]]> https://www.tenable.com/plugins/ot/504829 https://www.tenable.com/plugins/ot/504829 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504829 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504829

]]> https://www.tenable.com/plugins/ot/504828 https://www.tenable.com/plugins/ot/504828 Thu, 11 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504828 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504828

]]> https://www.tenable.com/plugins/ot/504827 https://www.tenable.com/plugins/ot/504827 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504827 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504827

]]> https://www.tenable.com/plugins/ot/504826 https://www.tenable.com/plugins/ot/504826 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504826 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504826

]]> https://www.tenable.com/plugins/ot/504825 https://www.tenable.com/plugins/ot/504825 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504825 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504825

]]> https://www.tenable.com/plugins/ot/504824 https://www.tenable.com/plugins/ot/504824 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504824 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504824

]]> https://www.tenable.com/plugins/ot/504823 https://www.tenable.com/plugins/ot/504823 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504823 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504823

]]> https://www.tenable.com/plugins/ot/504822 https://www.tenable.com/plugins/ot/504822 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504822 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504822

]]> https://www.tenable.com/plugins/ot/504821 https://www.tenable.com/plugins/ot/504821 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504821 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504821

]]> https://www.tenable.com/plugins/ot/504820 https://www.tenable.com/plugins/ot/504820 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504820 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504820

]]> https://www.tenable.com/plugins/ot/504819 https://www.tenable.com/plugins/ot/504819 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504819 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504819

]]> https://www.tenable.com/plugins/ot/504818 https://www.tenable.com/plugins/ot/504818 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504818 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504818

]]> https://www.tenable.com/plugins/ot/504817 https://www.tenable.com/plugins/ot/504817 Tue, 09 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504817 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504817

]]> https://www.tenable.com/plugins/ot/504816 https://www.tenable.com/plugins/ot/504816 Mon, 08 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504816 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504816

]]> https://www.tenable.com/plugins/ot/504815 https://www.tenable.com/plugins/ot/504815 Thu, 04 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504815 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site scripting vulnerability exists in SNC-CX600W. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504815

]]> https://www.tenable.com/plugins/ot/504814 https://www.tenable.com/plugins/ot/504814 Wed, 03 Dec 2025 00:00:00 GMT Tenable OT Security Plugin ID 504814 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504814

]]> https://www.tenable.com/plugins/ot/504813 https://www.tenable.com/plugins/ot/504813 Sat, 22 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504813 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric has identified the following specific remediations and mitigations users can apply to reduce risk:

- Modicon M580 communication modules BMENOC BMENOC0321: Version SV1.10 of BMENOC0321 includes a fix for this vulnerability and is available for download.
- Modicon M580 communication modules BMECRA BMECRA31210, Modicon M580/Quantum communication modules BMXCRA BMXCRA31200/BMXCRA31210: Version SV02.80 of BMECRA31210, BMXCRA31200, BMXCRA31210 includes a fix for these vulnerabilities and is available for download.
- 140CRA31200 (Quantum RIO Drop): Version V02.80 of 140CRA31200 includes a fix for these vulnerabilities and is available for download.
- 140CRA31908 (M580 Quantum S908 RIO Drop Adapter): Version V02.80 of 140CRA31908 includes a fix for these vulnerabilities and is available for download.

Schneider Electric strongly recommends the following industry cybersecurity best practices:

- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
- Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the "Program" mode.
- Never connect programming software to any network other than the network intended for that device.
- Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
- Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
- When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

For more information, see Schneider Electric security notification "SEVD-2025-014-03 Wind River VxWorks DHCP server vulnerability"

Additional information about the vulnerability can be found on the Wind River site.

Read more at https://www.tenable.com/plugins/ot/504813

]]> https://www.tenable.com/plugins/ot/504812 https://www.tenable.com/plugins/ot/504812 Thu, 20 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504812 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

- BMXNOE0100 Modbus/TCP Ethernet Modicon M340 module: Version 3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here. Reboot is needed to complete the firmware upgrade.
- BMXNOE0110 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Version 6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here. Reboot is needed to complete the firmware upgrade.

Schneider Electric is establishing a remediation plan for all future versions of Modicon M340, BMXNOR0200H, BMXNGD0100, and BMXNOC401. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:

- FTP service is disabled by default
- Ensure to disable FTP service when not in use
- Setup network segmentation and implement a firewall to block all unauthorized access to ports 21/FTP
- Use VPN (Virtual Private Networks) tunnels if remote access is required

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-224-05.

Read more at https://www.tenable.com/plugins/ot/504812

]]> https://www.tenable.com/plugins/ot/504811 https://www.tenable.com/plugins/ot/504811 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504811 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- POWER METER SICAM Q100 (7KG9501-0AA01-0AA1), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): Update to V2.62 or later version
- POWER METER SICAM Q200 family: Update to V2.80 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-529291 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504811

]]> https://www.tenable.com/plugins/ot/504810 https://www.tenable.com/plugins/ot/504810 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504810 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in- the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has provided a fix and recommends applying it to the following products:

- RUGGEDCOM ROS RMC8388 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS416Pv2 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS416v2 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS900 (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS900G (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2100 (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2288 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2300P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2300 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2488 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG907R V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG908C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG909R V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG910C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG920P V4.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG920P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSL910 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST2228 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST2228P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST916C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST916P V5.X: Update to v5.7.0 or later

Siemens has identified the following specific workarounds users can apply to reduce the risk:

- Configure the SSH clients to make use of the following strong key exchange ciphers, supported by the ROS SSH server:
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- Add only the trusted SSH client public keys to ROS, and allow only those clients access

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and to follow the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information, see the associated Siemens security advisory SSA-764417 in HTML and CSAF.

For more information see Siemens Security Advisory SSA-764417

Read more at https://www.tenable.com/plugins/ot/504810

]]> https://www.tenable.com/plugins/ot/504809 https://www.tenable.com/plugins/ot/504809 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504809 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- SIPROTEC 4 6MD61, SIPROTEC 4 6MD63, SIPROTEC 4 6MD66, SIPROTEC 4 6MD665, SIPROTEC 4 7SA522, SIPROTEC 4 7SJ61, SIPROTEC 4 7SJ62, SIPROTEC 4 7SJ63, SIPROTEC 4 7SJ64, SIPROTEC 4 7SS52, SIPROTEC 4 7ST6, SIPROTEC 4 7UM61, SIPROTEC 4 7UM62, SIPROTEC 4 7UT63, SIPROTEC 4 7UT612, SIPROTEC 4 7UT613, SIPROTEC 4 7VE6, SIPROTEC 4 7VK61, SIPROTEC 4 7VU683, SIPROTEC 4 Compact 7RW80, SIPROTEC 4 Compact 7SD80, SIPROTEC 4 Compact 7SJ80, SIPROTEC 4 Compact 7SJ81, SIPROTEC 4 Compact 7SK80, SIPROTEC 4 Compact 7SK81: Currently no fix is planned
- SIPROTEC 4 7SJ66: Currently no fix is available
- SIPROTEC 4 7SA6: Update to V4.78 or later version
- SIPROTEC 4 7SD5: Update to V4.78 or later version
- SIPROTEC 4 7SD610: Update to V4.78 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-400089 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504809

]]> https://www.tenable.com/plugins/ot/504808 https://www.tenable.com/plugins/ot/504808 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504808 with Low Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- SIPROTEC 5 6MD84 (CP300), SIPROTEC 5 6MD85 (CP300), SIPROTEC 5 6MD86 (CP300), SIPROTEC 5 6MD89 (CP300), SIPROTEC 5 6MU85 (CP300), SIPROTEC 5 7KE85 (CP300), SIPROTEC 5 7SA86 (CP300), SIPROTEC 5 7SA87 (CP300), SIPROTEC 5 7SD86 (CP300), SIPROTEC 5 7SD87 (CP300), SIPROTEC 5 7SJ85 (CP300), SIPROTEC 5 7SJ86 (CP300), SIPROTEC 5 7SK85 (CP300), SIPROTEC 5 7SL86 (CP300), SIPROTEC 5 7SL87 (CP300), SIPROTEC 5 7SS85 (CP300), SIPROTEC 5 7ST85 (CP300), SIPROTEC 5 7ST86 (CP300), SIPROTEC 5 7SX85 (CP300), SIPROTEC 5 7UM85 (CP300), SIPROTEC 5 7UT85 (CP300), SIPROTEC 5 7UT86 (CP300), SIPROTEC 5 7UT87 (CP300), SIPROTEC 5 7VE85 (CP300), SIPROTEC 5 7VK87 (CP300), SIPROTEC 5 7VU85 (CP300): Update to V10.0 or later version
- SIPROTEC 5 7SA82 (CP150), SIPROTEC 5 7SD82 (CP150), SIPROTEC 5 7SJ81 (CP150), SIPROTEC 5 7SJ82 (CP150), SIPROTEC 5 7SK82 (CP150), SIPROTEC 5 7SL82 (CP150), SIPROTEC 5 7SX82 (CP150), SIPROTEC 5 7SY82 (CP150), SIPROTEC 5 7UT82 (CP150):
Update to V10.0 or later version
- SIPROTEC 5 Compact 7SX800 (CP050): Update to V10.0 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-894058 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504808

]]> https://www.tenable.com/plugins/ot/504807 https://www.tenable.com/plugins/ot/504807 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504807 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

​Siemens released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not or are not currently available:

- ​Update to V4.3.8 or later versions.
- ​RUGGEDCOM i800: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i800NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i801: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i801NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i802: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i802NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i803: Update to V4.3.8 or later versions.
- ​RUGGEDCOM i803NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M2100: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M2100F: Currently no fix is planned.
- ​RUGGEDCOM M2100NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M2200: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M2200F: Currently no fix is planned.
- ​RUGGEDCOM M2200NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M969: Update to V4.3.8 or later versions.
- ​RUGGEDCOM M969F: Currently no fix is planned.
- ​RUGGEDCOM M969NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RMC30: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RMC30NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RMC8388 V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RMC8388 V5.X: Currently no fix is available.
- ​RUGGEDCOM RMC8388NC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RMC8388NC V5.X: Currently no fix is available.
- ​RUGGEDCOM RP110: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RP110NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600F: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600FNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600T: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS1600TNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS400: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS400F: Currently no fix is planned.
- ​RUGGEDCOM RS400NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS401: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS401NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS416: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS416F: Currently no fix is planned.
- ​RUGGEDCOM RS416NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS416NC v2: Currently no fix is available.
- ​RUGGEDCOM RS416P: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS416PF: Currently no fix is planned.
- ​RUGGEDCOM RS416PNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS416PNC v2: Currently no fix is available.
- ​RUGGEDCOM RS416Pv2: Currently no fix is available.
- ​RUGGEDCOM RS416v2: Currently no fix is available.
- ​RUGGEDCOM RS8000: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000A: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000ANC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000H: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000HNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000T: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS8000TNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900 (32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900 (32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RS900F: Currently no fix is planned.
- ​RUGGEDCOM RS900G: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900G (32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900G (32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RS900GF: Currently no fix is planned.
- ​RUGGEDCOM RS900GNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900GNC(32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900GNC(32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RS900GP: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900GPF: Currently no fix is planned.
- ​RUGGEDCOM RS900GPNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900L: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900LNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900M-GETS-C01: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900M-GETS-XX: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900M-STND-C01: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900M-STND-XX: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900MNC-GETS-C01: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900MNC-GETS-XX: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900MNC-STND-XX: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900MNC-STND-XX-C01: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900NC(32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS900NC(32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RS900W: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS910: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS910L: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS910LNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS910NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS910W: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS920L: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS920LNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS920W: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS930L: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS930LNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS930W: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS940G: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS940GF: Currently no fix is planned.
- ​RUGGEDCOM RS940GNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS969: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RS969NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100 (32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100 (32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2100F: Currently no fix is planned.
- ​RUGGEDCOM RSG2100NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100NC(32M) V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100NC(32M) V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2100P: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2100PF: Currently no fix is planned.
- ​RUGGEDCOM RSG2100PNC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2200: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2200F: Currently no fix is planned.
- ​RUGGEDCOM RSG2200NC: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2288 V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2288 V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2288NC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2288NC V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2300 V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2300 V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2300F: Currently no fix is planned.
- ​RUGGEDCOM RSG2300NC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2300NC V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2300P V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2300P V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2300PF: Currently no fix is planned.
- ​RUGGEDCOM RSG2300PNC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2300PNC V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2488 V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2488 V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG2488F: Currently no fix is planned.
- ​RUGGEDCOM RSG2488NC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG2488NC V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG907R: Currently no fix is available.
- ​RUGGEDCOM RSG908C: Currently no fix is available.
- ​RUGGEDCOM RSG909R: Currently no fix is available.
- ​RUGGEDCOM RSG910C: Currently no fix is available.
- ​RUGGEDCOM RSG920P V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG920P V5.X: Currently no fix is available.
- ​RUGGEDCOM RSG920PNC V4.X: Update to V4.3.8 or later versions.
- ​RUGGEDCOM RSG920PNC V5.X: Currently no fix is available.
- ​RUGGEDCOM RSL910: Currently no fix is available.
- ​RUGGEDCOM RSL910NC: Currently no fix is available.
- ​RUGGEDCOM RST2228: Currently no fix is available.
- ​RUGGEDCOM RST2228P: Currently no fix is available.
- ​RUGGEDCOM RST916C: Currently no fix is available.
- ​RUGGEDCOM RST916P: Currently no fix is available.
- ​Restrict access to Port 80/tcp and 443/tcp to trusted IP addresses only.
- ​Deactivate the webserver if not required and if the product supports deactivation.

​As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

​Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

​For more information see the associated Siemens security advisory SSA-770902 in HTML and CSAF.

​

Read more at https://www.tenable.com/plugins/ot/504807

]]> https://www.tenable.com/plugins/ot/504806 https://www.tenable.com/plugins/ot/504806 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504806 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens is preparing fixed versions and recommends countermeasures for products where fixes are unavailable or not yet available.

Operators of critical power systems (e.g., TSOs or DSOs) worldwide are typically required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. Therefore, operators should check whether appropriate resilient protection measures are in place. The risk of cyber incidents affecting the grid's reliability can thus be minimized by the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tools and documented procedures that accompany the product. If the product supports this capability, an automated method can be used to apply the security updates across multiple product instances. Siemens strongly recommends validating any security update before it is applied and ensuring that trained staff supervise the update process in the target environment. As a general security measure, Siemens strongly recommends protecting network access with appropriate security mechanisms (e.g., firewalls, segmentation, VPN). It is advised that the environment be configured according to Siemens' operational guidelines to operate the devices in a protected IT environment.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-904646 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504806

]]> https://www.tenable.com/plugins/ot/504805 https://www.tenable.com/plugins/ot/504805 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504805 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- POWER METER SICAM Q100 (7KG9501-0AA01-0AA1), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): Update to V2.62 or later version
- POWER METER SICAM Q200 family: Update to V2.80 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-529291 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504805

]]> https://www.tenable.com/plugins/ot/504804 https://www.tenable.com/plugins/ot/504804 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504804 with Critical Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available:

- RUGGEDCOM i800: Update to V4.3.8 or later version
- RUGGEDCOM i800NC: Update to V4.3.8 or later version
- RUGGEDCOM i801: Update to V4.3.8 or later version
- RUGGEDCOM i801NC: Update to V4.3.8 or later version
- RUGGEDCOM i802: Update to V4.3.8 or later version
- RUGGEDCOM i802NC: Update to V4.3.8 or later version
- RUGGEDCOM i803: Update to V4.3.8 or later version
- RUGGEDCOM i803NC: Update to V4.3.8 or later version
- RUGGEDCOM M2100: Update to V4.3.8 or later version
- RUGGEDCOM M2100F: Currently no fix is planned.
- RUGGEDCOM M2100NC: Update to V4.3.8 or later version
- RUGGEDCOM M2200: Update to V4.3.8 or later version
- RUGGEDCOM M2200F: Currently no fix is planned.
- RUGGEDCOM M2200NC: Update to V4.3.8 or later version
- RUGGEDCOM M969: Update to V4.3.8 or later version
- RUGGEDCOM M969F: Currently no fix is planned.
- RUGGEDCOM M969NC: Update to V4.3.8 or later version
- RUGGEDCOM RMC30: Update to V4.3.8 or later version
- RUGGEDCOM RMC30NC: Update to V4.3.8 or later version
- RUGGEDCOM RMC8388 V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RMC8388 V5.X: Currently no fix is available.
- RUGGEDCOM RMC8388NC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RMC8388NC V5.X: Currently no fix is available.
- RUGGEDCOM RP110: Update to V4.3.8 or later version
- RUGGEDCOM RP110NC: Update to V4.3.8 or later version
- RUGGEDCOM RS1600: Currently no fix is planned.
- RUGGEDCOM RS1600F: Currently no fix is planned.
- RUGGEDCOM RS1600FNC: Currently no fix is planned.
- RUGGEDCOM RS1600NC: Currently no fix is planned.
- RUGGEDCOM RS1600T: Currently no fix is planned.
- RUGGEDCOM RS1600TNC: Currently no fix is planned.
- RUGGEDCOM RS400: Currently no fix is planned.
- RUGGEDCOM RS400F: Currently no fix is planned.
- RUGGEDCOM RS400NC: Currently no fix is planned.
- RUGGEDCOM RS401: Currently no fix is planned.
- RUGGEDCOM RS401NC: Currently no fix is planned.
- RUGGEDCOM RS416: Update to V4.3.8 or later version
- RUGGEDCOM RS416F: Currently no fix is planned.
- RUGGEDCOM RS416NC: Update to V4.3.8 or later version
- RUGGEDCOM RS416NC v2: Currently no fix is available.
- RUGGEDCOM RS416P: Update to V4.3.8 or later version
- RUGGEDCOM RS416PF: Currently no fix is planned.
- RUGGEDCOM RS416PNC: Update to V4.3.8 or later version
- RUGGEDCOM RS416PNC v2: Currently no fix is available.
- RUGGEDCOM RS416Pv2: Currently no fix is available.
- RUGGEDCOM RS416v2: Currently no fix is available.
- RUGGEDCOM RS8000: Currently no fix is planned.
- RUGGEDCOM RS8000A: Currently no fix is planned.
- RUGGEDCOM RS8000ANC: Currently no fix is planned.
- RUGGEDCOM RS8000H: Currently no fix is planned.
- RUGGEDCOM RS8000HNC: Currently no fix is planned.
- RUGGEDCOM RS8000NC: Currently no fix is planned.
- RUGGEDCOM RS8000T: Currently no fix is planned.
- RUGGEDCOM RS8000TNC: Currently no fix is planned.
- RUGGEDCOM RS900: Update to V4.3.8 or later version
- RUGGEDCOM RS900 with switch chip M88E6083: Currently no fix is planned.
- RUGGEDCOM RS900 (32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RS900 (32M) V5.X: Currently no fix is available.
- RUGGEDCOM RS900F: Currently no fix is planned.
- RUGGEDCOM RS900G: Update to V4.3.8 or later version
- RUGGEDCOM RS900G (32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RS900G (32M) V5.X: Currently no fix is available.
- RUGGEDCOM RS900GF: Currently no fix is planned.
- RUGGEDCOM RS900GNC: Update to V4.3.8 or later version
- RUGGEDCOM RS900GNC(32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RS900GNC(32M) V5.X: Currently no fix is available.
- RUGGEDCOM RS900GP: Update to V4.3.8 or later version
- RUGGEDCOM RS900GPF: Currently no fix is planned.
- RUGGEDCOM RS900GPNC: Update to V4.3.8 or later version
- RUGGEDCOM RS900L: Update to V4.3.8 or later version
- RUGGEDCOM RS900L with switch chip M88E6083: Currently no fix is planned.
- RUGGEDCOM RS900LNC: Update to V4.3.8 or later version
- RUGGEDCOM RS900LNC with switch chip M88E6083: Currently no fix is planned.
- RUGGEDCOM RS900M-GETS-C01: Update to V4.3.8 or later version
- RUGGEDCOM RS900M-GETS-XX: Update to V4.3.8 or later version
- RUGGEDCOM RS900M-STND-C01: Update to V4.3.8 or later version
- RUGGEDCOM RS900M-STND-XX: Update to V4.3.8 or later version
- RUGGEDCOM RS900MNC-GETS-C01: Update to V4.3.8 or later version
- RUGGEDCOM RS900MNC-GETS-XX: Update to V4.3.8 or later version
- RUGGEDCOM RS900MNC-STND-XX: Update to V4.3.8 or later version
- RUGGEDCOM RS900MNC-STND-XX-C01: Update to V4.3.8 or later version
- RUGGEDCOM RS900NC: Update to V4.3.8 or later version
- RUGGEDCOM RS900NC with switch chip M88E6083: Currently no fix is planned.
- RUGGEDCOM RS900NC(32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RS900NC(32M) V5.X: Currently no fix is available.
- RUGGEDCOM RS900W: Update to V4.3.8 or later version
- RUGGEDCOM RS910: Update to V4.3.8 or later version
- RUGGEDCOM RS910L: Update to V4.3.8 or later version
- RUGGEDCOM RS910LNC: Update to V4.3.8 or later version
- RUGGEDCOM RS910NC: Update to V4.3.8 or later version
- RUGGEDCOM RS910W: Update to V4.3.8 or later version
- RUGGEDCOM RS920L: Update to V4.3.8 or later version
- RUGGEDCOM RS920LNC: Update to V4.3.8 or later version
- RUGGEDCOM RS920W: Update to V4.3.8 or later version
- RUGGEDCOM RS930L: Update to V4.3.8 or later version
- RUGGEDCOM RS930LNC: Update to V4.3.8 or later version
- RUGGEDCOM RS930W: Update to V4.3.8 or later version
- RUGGEDCOM RS940G: Update to V4.3.8 or later version
- RUGGEDCOM RS940GF: Currently no fix is planned.
- RUGGEDCOM RS940GNC: Update to V4.3.8 or later version
- RUGGEDCOM RS969: Update to V4.3.8 or later version
- RUGGEDCOM RS969NC: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100 (32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100 (32M) V5.X: Currently no fix is available.
- RUGGEDCOM RSG2100F: Currently no fix is planned.
- RUGGEDCOM RSG2100NC: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100NC (32M) V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100NC (32M) V5.X: Currently no fix is available.
- RUGGEDCOM RSG2100P: Update to V4.3.8 or later version
- RUGGEDCOM RSG2100PF: Currently no fix is planned.
- RUGGEDCOM RSG2100PNC: Update to V4.3.8 or later version
- RUGGEDCOM RSG2200: Update to V4.3.8 or later version
- RUGGEDCOM RSG2200F: Currently no fix is planned.
- RUGGEDCOM RSG2200NC: Update to V4.3.8 or later version
- RUGGEDCOM RSG2288 V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2288 V5.X: Currently no fix is available.
- RUGGEDCOM RSG2288NC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2288NC V5.X: Currently no fix is available.
- RUGGEDCOM RSG2300 V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2300 V5.X: Currently no fix is available.
- RUGGEDCOM RSG2300F: Currently no fix is planned.
- RUGGEDCOM RSG2300NC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2300NC V5.X: Currently no fix is available.
- RUGGEDCOM RSG2300P V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2300P V5.X: Currently no fix is available.
- RUGGEDCOM RSG2300PF: Currently no fix is planned.
- RUGGEDCOM RSG2300PNC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2300PNC V5.X: Currently no fix is available.
- RUGGEDCOM RSG2488 V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2488 V5.X: Currently no fix is available.
- RUGGEDCOM RSG2488F: Currently no fix is planned.
- RUGGEDCOM RSG2488NC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG2488NC V5.X: Currently no fix is available.
- RUGGEDCOM RSG907R: Currently no fix is available.
- RUGGEDCOM RSG908C: Currently no fix is available.
- RUGGEDCOM RSG909R: Currently no fix is available.
- RUGGEDCOM RSG910C: Currently no fix is available.
- RUGGEDCOM RSG920P V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG920P V5.X: Currently no fix is available.
- RUGGEDCOM RSG920PNC V4.X: Update to V4.3.8 or later version
- RUGGEDCOM RSG920PNC V5.X: Currently no fix is available.
- RUGGEDCOM RSL910: Currently no fix is available.
- RUGGEDCOM RSL910NC: Currently no fix is available.
- RUGGEDCOM RST2228: Currently no fix is available.
- RUGGEDCOM RST2228P: Currently no fix is available.
- RUGGEDCOM RST916C: Currently no fix is available.
- RUGGEDCOM RST916P: Currently no fix is available.

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

- Configure ingress filtering to control traffic flow when port mirroring is enabled:
- Enable ingress filtering
- Disable RSTP on the target port(s)
- Disable neighbor discovery protocol on the target port(s)
- Disable LLDP on the target port(s)
- Further details can be found at https://support.industry.siemens.com/cs/ww/en/view/109759351

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-908185 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504804

]]> https://www.tenable.com/plugins/ot/504803 https://www.tenable.com/plugins/ot/504803 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504803 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted device, and potentially reduce the availability of BACnet network. A power cycle is required to restore the device's normal operation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- APOGEE PXC+TALON TC Series (BACnet): Currently no fix is planned

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-718393 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504803

]]> https://www.tenable.com/plugins/ot/504802 https://www.tenable.com/plugins/ot/504802 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504802 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available.

- RUGGEDCOM ROS RMC8388: Update to v5.6.0 or later version
- RUGGEDCOM ROS RS416v2: Update to v5.6.0 or later version
- RUGGEDCOM ROS RS900 (32M): Update to v5.6.0 or later version
- RUGGEDCOM ROS RS900G (32M): Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG907R: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG908C: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG909R: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG910C: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG920P: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG2100 (32M): Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG2288: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG2300: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG2300P: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSG2488: Update to v5.6.0 or later version
- RUGGEDCOM ROS RSL910: Update to v5.6.0 or later version
- RUGGEDCOM ROS RST916C: Update to v5.6.0 or later version
- RUGGEDCOM ROS RST916P: Update to v5.6.0 or later version
- RUGGEDCOM ROS RST2228: Update to v5.6.0 or later version
- RUGGEDCOM ROS RST2228P: Update to v5.6.0 or later version

Siemens recommends implementing the following specific workarounds and mitigations that customers can apply to reduce the risk:

- Restrict network access to only trusted IP addresses in affected systems to ports 443/TCP and 22/TCP.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals to help ensure security within an environment.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this issue, please see Siemens’ security advisory SSA-840800

Read more at https://www.tenable.com/plugins/ot/504802

]]> https://www.tenable.com/plugins/ot/504801 https://www.tenable.com/plugins/ot/504801 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504801 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ceph: incorrect Fw reference check when dirtying pages.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504801

]]> https://www.tenable.com/plugins/ot/504800 https://www.tenable.com/plugins/ot/504800 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504800 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

mailbox: bcm2835: timeout during suspend mode.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504800

]]> https://www.tenable.com/plugins/ot/504799 https://www.tenable.com/plugins/ot/504799 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504799 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504799

]]> https://www.tenable.com/plugins/ot/504798 https://www.tenable.com/plugins/ot/504798 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504798 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

batman-adv: empty buckets in batadv_purge_orig_ref() are pointing to soft lockups in batadv_purge_orig_ref().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504798

]]> https://www.tenable.com/plugins/ot/504797 https://www.tenable.com/plugins/ot/504797 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504797 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Bluetooth: hci_core: deadlock at destroy_workqueue().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504797

]]> https://www.tenable.com/plugins/ot/504796 https://www.tenable.com/plugins/ot/504796 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504796 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

sh: cpuinfo: warning for CONFIG_CPUMASK_OFFSTACK. When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning when showing /proc/cpuinfo.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504796

]]> https://www.tenable.com/plugins/ot/504795 https://www.tenable.com/plugins/ot/504795 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504795 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

vmci: speculation leaks by sanitizing event in event_deliver().
event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization, leading to information leaks.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504795

]]> https://www.tenable.com/plugins/ot/504794 https://www.tenable.com/plugins/ot/504794 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504794 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ocfs2: remove unreasonable unlock in ocfs2_read_blocks Patch series Misc fixes for ocfs2_read_blocks, v5.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504794

]]> https://www.tenable.com/plugins/ot/504793 https://www.tenable.com/plugins/ot/504793 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504793 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504793

]]> https://www.tenable.com/plugins/ot/504792 https://www.tenable.com/plugins/ot/504792 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504792 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/panel: ilitek-ili9881c: warning with GPIO controllers.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504792

]]> https://www.tenable.com/plugins/ot/504791 https://www.tenable.com/plugins/ot/504791 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504791 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net: lapb: It is unclear if net/lapb code is supposed to be ready for 8021q, this may lead to crashes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504791

]]> https://www.tenable.com/plugins/ot/504790 https://www.tenable.com/plugins/ot/504790 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504790 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

pci/hotplug/pnv_php: hotplug driver crash on Powernv.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504790

]]> https://www.tenable.com/plugins/ot/504789 https://www.tenable.com/plugins/ot/504789 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504789 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

scsi: aacraid: Fix double-free on probe failure. aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting in a double-free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504789

]]> https://www.tenable.com/plugins/ot/504788 https://www.tenable.com/plugins/ot/504788 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504788 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

media: dvbdev: risk of out of memory access.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504788

]]> https://www.tenable.com/plugins/ot/504787 https://www.tenable.com/plugins/ot/504787 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504787 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

xhci: Panther point NULL pointer deref at full-speed re-enumeration.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504787

]]> https://www.tenable.com/plugins/ot/504786 https://www.tenable.com/plugins/ot/504786 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504786 with Medium Severity

Synopsis

This plugin has been deprecated.

Description

This plugin has been deprecated as CVE rejected by Siemens.

Solution

null

Read more at https://www.tenable.com/plugins/ot/504786

]]> https://www.tenable.com/plugins/ot/504785 https://www.tenable.com/plugins/ot/504785 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504785 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504785

]]> https://www.tenable.com/plugins/ot/504784 https://www.tenable.com/plugins/ot/504784 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504784 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

nvmet: possible leak when destroy a ctrl during qp establishment.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504784

]]> https://www.tenable.com/plugins/ot/504783 https://www.tenable.com/plugins/ot/504783 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504783 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504783

]]> https://www.tenable.com/plugins/ot/504782 https://www.tenable.com/plugins/ot/504782 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504782 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/amdgpu/pm: null pointer dereference in apply_state_adjust_rules.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504782

]]> https://www.tenable.com/plugins/ot/504781 https://www.tenable.com/plugins/ot/504781 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504781 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

powerpc/pseries: Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504781

]]> https://www.tenable.com/plugins/ot/504780 https://www.tenable.com/plugins/ot/504780 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504780 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ubi: fastmap: The duplicate slab cache names can be detected and a kernel WARNING is thrown out.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504780

]]> https://www.tenable.com/plugins/ot/504779 https://www.tenable.com/plugins/ot/504779 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504779 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

uprobes: vma xol_add_vma() maps the uninitialized page allocated by
__create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ permission. Additionally setting VM_EXEC produces the same page protection attributes (pgprot_t) as setting both VM_EXEC and VM_READ. Nevertheless, the debugger can read this memory.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504779

]]> https://www.tenable.com/plugins/ot/504778 https://www.tenable.com/plugins/ot/504778 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504778 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

udp: small race window.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504778

]]> https://www.tenable.com/plugins/ot/504777 https://www.tenable.com/plugins/ot/504777 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504777 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

PCI: keystone: Fix if-statement expression in ks_pcie_quirk(). This code accidentally uses && where || was intended. It potentially results in a NULL dereference.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504777

]]> https://www.tenable.com/plugins/ot/504776 https://www.tenable.com/plugins/ot/504776 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504776 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c. Add error pointer check after calling otx2_mbox_get_rsp().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504776

]]> https://www.tenable.com/plugins/ot/504775 https://www.tenable.com/plugins/ot/504775 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504775 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

dccp: vulnerability in DCCP (Datagram Congestion Control Protocol) involves a memory leak in dccp_feat_change_recv where memory allocated for a new SP feature value is not freed if dccp_feat_push_confirm() fails, leading to potential resource exhaustion.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504775

]]> https://www.tenable.com/plugins/ot/504774 https://www.tenable.com/plugins/ot/504774 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504774 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drivers: media: dvb-frontends/rtl2832: An out-of-bounds access occurs if rtl2832_pid_filter exceed 31, which was not verified.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504774

]]> https://www.tenable.com/plugins/ot/504773 https://www.tenable.com/plugins/ot/504773 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504773 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

MIPS:The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by Data bus error.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504773

]]> https://www.tenable.com/plugins/ot/504772 https://www.tenable.com/plugins/ot/504772 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504772 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

greybus: use-after-free vulnerability in gb_interface_release due to race condition.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504772

]]> https://www.tenable.com/plugins/ot/504771 https://www.tenable.com/plugins/ot/504771 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504771 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

vfs: Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504771

]]> https://www.tenable.com/plugins/ot/504770 https://www.tenable.com/plugins/ot/504770 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504770 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net: af_can: do not leave a dangling sk pointer in can_create(). On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504770

]]> https://www.tenable.com/plugins/ot/504769 https://www.tenable.com/plugins/ot/504769 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504769 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net: can: j1939: vulnerability related to error handling for closely received RTS messages in xtp_rx_rts_session_new, which is addressed by replacing less informative backtraces with a new method that provides clearer error messages and allows for early termination of problematic sessions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504769

]]> https://www.tenable.com/plugins/ot/504768 https://www.tenable.com/plugins/ot/504768 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504768 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

tap: add missing verification for short frame. Missing to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of- bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504768

]]> https://www.tenable.com/plugins/ot/504767 https://www.tenable.com/plugins/ot/504767 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504767 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as write into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504767

]]> https://www.tenable.com/plugins/ot/504766 https://www.tenable.com/plugins/ot/504766 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504766 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

hns3: A kernel crash may occur when the driver is uninstalled and the VF is disabled concurrently.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504766

]]> https://www.tenable.com/plugins/ot/504765 https://www.tenable.com/plugins/ot/504765 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504765 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504765

]]> https://www.tenable.com/plugins/ot/504764 https://www.tenable.com/plugins/ot/504764 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504764 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ila: call nf_unregister_net_hooks() use-after-free Read in ila_nf_input.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504764

]]> https://www.tenable.com/plugins/ot/504763 https://www.tenable.com/plugins/ot/504763 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504763 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504763

]]> https://www.tenable.com/plugins/ot/504762 https://www.tenable.com/plugins/ot/504762 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504762 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

MIPS: Loongson64: DTS: issues with PCIe port nodes for ls7a.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504762

]]> https://www.tenable.com/plugins/ot/504761 https://www.tenable.com/plugins/ot/504761 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504761 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

fbdev: pxafb:use after free in pxafb_task(). In the pxafb_probe function, it calls the pxafb_init_fbinfo function, after which &fbi->task is associated with pxafb_task. Moreover, within this pxafb_init_fbinfo function, the pxafb_blank function within the &pxafb_ops struct is capable of scheduling work. If we remove the module which will call pxafb_remove to make cleanup, it will call unregister_framebuffer function which can call do_unregister_framebuffer to free fbi->fb through put_fb_info(fb_info), while the work mentioned above will be used.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504761

]]> https://www.tenable.com/plugins/ot/504760 https://www.tenable.com/plugins/ot/504760 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504760 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host.
(The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504760

]]> https://www.tenable.com/plugins/ot/504759 https://www.tenable.com/plugins/ot/504759 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504759 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net/xen-netback: prevent UAF in xenvif_flush_hash(). During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504759

]]> https://www.tenable.com/plugins/ot/504758 https://www.tenable.com/plugins/ot/504758 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504758 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504758

]]> https://www.tenable.com/plugins/ot/504757 https://www.tenable.com/plugins/ot/504757 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504757 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

net: hsr: avoid potential out-of-bound access in fill_frame_info(). By extending the check to cover packets with only 14 bytes, it prevents uninitialized values from causing undefined behavior or security issues.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504757

]]> https://www.tenable.com/plugins/ot/504756 https://www.tenable.com/plugins/ot/504756 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504756 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504756

]]> https://www.tenable.com/plugins/ot/504755 https://www.tenable.com/plugins/ot/504755 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504755 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ALSA: us122l: OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504755

]]> https://www.tenable.com/plugins/ot/504754 https://www.tenable.com/plugins/ot/504754 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504754 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such.
However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504754

]]> https://www.tenable.com/plugins/ot/504753 https://www.tenable.com/plugins/ot/504753 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504753 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/amd/display: index out of bounds in DCN30 color transformation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504753

]]> https://www.tenable.com/plugins/ot/504752 https://www.tenable.com/plugins/ot/504752 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504752 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

USB: serial: mos7840: fix crash on resume Since(USB: serial: use generic method if no alternative is provided in usb serial layer), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011.
Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504752

]]> https://www.tenable.com/plugins/ot/504751 https://www.tenable.com/plugins/ot/504751 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504751 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

netfilter: ipset: vulnerability involves a race condition where the ip_set.ko module can be unloaded by user space while it is requesting a set type backend module, potentially causing a kernel crash.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504751

]]> https://www.tenable.com/plugins/ot/504750 https://www.tenable.com/plugins/ot/504750 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504750 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

IB/core: an unbounded UMAD receive list, poses a risk of uncontrolled growth.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504750

]]> https://www.tenable.com/plugins/ot/504749 https://www.tenable.com/plugins/ot/504749 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504749 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

uio_hv_generic: kernel NULL pointer dereference in hv_uio_rescind.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504749

]]> https://www.tenable.com/plugins/ot/504748 https://www.tenable.com/plugins/ot/504748 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504748 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504748

]]> https://www.tenable.com/plugins/ot/504747 https://www.tenable.com/plugins/ot/504747 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504747 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

HID: wacom: Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504747

]]> https://www.tenable.com/plugins/ot/504746 https://www.tenable.com/plugins/ot/504746 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504746 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504746

]]> https://www.tenable.com/plugins/ot/504745 https://www.tenable.com/plugins/ot/504745 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504745 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

PCI: keystone: Missing workaround for Errata #i2037 (AM65x SR 1.0).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504745

]]> https://www.tenable.com/plugins/ot/504744 https://www.tenable.com/plugins/ot/504744 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504744 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

blk-rq-qos: vulnerability in blk-rq-qos can cause a crash due to a race condition between rq_qos_wait and rq_qos_wake_function, which is fixed by ensuring the waitqueue entry is accessed in the correct order.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504744

]]> https://www.tenable.com/plugins/ot/504743 https://www.tenable.com/plugins/ot/504743 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504743 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/amd/display: Check gpio_id before used as array index.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504743

]]> https://www.tenable.com/plugins/ot/504742 https://www.tenable.com/plugins/ot/504742 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504742 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/nouveau/dispnv04: null pointer dereference in nv17_tv_get_ld_modes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504742

]]> https://www.tenable.com/plugins/ot/504741 https://www.tenable.com/plugins/ot/504741 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504741 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ppp: claimed-as-LCP but actually malformed packets.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504741

]]> https://www.tenable.com/plugins/ot/504740 https://www.tenable.com/plugins/ot/504740 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504740 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ocfs2: reserve space for inline xattr before attaching reflink tree.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504740

]]> https://www.tenable.com/plugins/ot/504739 https://www.tenable.com/plugins/ot/504739 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504739 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

powerpc/eeh: possible crash when edev->pdev changes.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504739

]]> https://www.tenable.com/plugins/ot/504738 https://www.tenable.com/plugins/ot/504738 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504738 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

VMCI: use-after-free when removing resource in vmci_resource_remove().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504738

]]> https://www.tenable.com/plugins/ot/504737 https://www.tenable.com/plugins/ot/504737 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504737 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

ubifs: authentication: After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's `znode->cparent` could still point to a freed node. This `znode->cparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This could then trigger a use- after-free when accessing the `znode->cparent` in `write_index()` in `ubifs_tnc_end_commit()`.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504737

]]> https://www.tenable.com/plugins/ot/504736 https://www.tenable.com/plugins/ot/504736 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504736 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[].

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504736

]]> https://www.tenable.com/plugins/ot/504735 https://www.tenable.com/plugins/ot/504735 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504735 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

nilfs2: vulnerability involves a use-after-free bug during mount-time recovery, where inodes with recovered data are not freed if an error occurs before the log writer starts, leading to potential memory issues.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504735

]]> https://www.tenable.com/plugins/ot/504734 https://www.tenable.com/plugins/ot/504734 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504734 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) vulnerability.
This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/504734

]]> https://www.tenable.com/plugins/ot/504733 https://www.tenable.com/plugins/ot/504733 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504733 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Input: missing limit on max slots results in too large allocation at input_mt_init_slots().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504733

]]> https://www.tenable.com/plugins/ot/504732 https://www.tenable.com/plugins/ot/504732 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504732 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

mlxsw: spectrum_acl_erp: object nesting warning.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504732

]]> https://www.tenable.com/plugins/ot/504731 https://www.tenable.com/plugins/ot/504731 Tue, 18 Nov 2025 00:00:00 GMT Tenable OT Security Plugin ID 504731 with High Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

vhost_vdpa: assign irq bypass producer token correctly.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- All affected products: Update to V3.2 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.

Read more at https://www.tenable.com/plugins/ot/504731

]]>