Cvss
The latest Cvss coverage — news, analysis, and updates from the WindowsNews.AI desk.
Siemens, Schneider, Daikin ICS Flaws Could Let Attackers Remotely Cripple Operations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on September 11, 2025, released eleven industrial control systems (ICS) advisories detailing urgent security defects in Siemens,...
CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now
Microsoft has issued a security advisory for CVE-2025-54906, a critical memory-corruption vulnerability in Office that can lead to arbitrary code execution when a user opens or previews a specially...
Redis Misconfiguration Exposes Sensitive Data in Rockwell Automation's LogixAI: CISA Warns
Rockwell Automation’s FactoryTalk Analytics LogixAI contains a high-severity configuration weakness that could expose sensitive operational data to attackers on adjacent networks. The U.S....
CISA Warns: Remote Attackers Can Brick Rockwell ControlLogix 5580 Controllers — Patch Immediately
A critical flaw in Rockwell Automation’s ControlLogix 5580 programmable logic controllers can be exploited over the network to trigger a ‘major nonrecoverable fault,’ effectively bricking the...
Rockwell Automation FactoryTalk Activation Manager Vulnerability Allows Remote Decryption and Hijacking
Rockwell Automation has issued an urgent security advisory after a critical cryptographic weakness was discovered in its FactoryTalk Activation Manager, a licensing tool deployed across thousands of...
CVE-2025-9866: Chrome and Edge Fix CSP Bypass That Could Let Attackers Steal Data via Extensions
A high-severity security flaw in Chromium’s Extensions subsystem allows attackers to bypass Content Security Policy (CSP) protections using a maliciously crafted HTML page, potentially exposing...
GE Vernova Issues Urgent Patch for CIMPLICITY DLL Hijacking Flaw Rated CVSS 7.0
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory detailing a dangerous privilege escalation vulnerability in GE Vernova’s CIMPLICITY HMI/SCADA platform....
CISA Flags Actively Exploited Citrix NetScaler CVE-2025-7775, Demands Urgent Patch
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) Catalog after...
CISA's August 19 ICS Alert: Siemens Desigo CC SAML Bypass, Tigo Hardcoded Credentials, and EG4 Inverter Firmware Risks Exposed
Four industrial control system advisories released by CISA on August 19, 2025, pack an urgent punch for critical infrastructure operators, exposing dangerous flaws across building management...
Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers
A critical logic flaw in Chromium's File Picker—one of the browser's most sensitive UI components—can be weaponized to leak data across origins, forcing Google and Microsoft to ship urgent...
Siemens Admits No Fix Planned for Critical PLCSIM Vulnerability as TIA Portal Flaw Scores 8.5 CVSS
Siemens has disclosed a high-severity deserialization vulnerability in its TIA Portal engineering platform that carries a CVSS v4 score of 8.5, and in a troubling admission, says no fix is planned...
Siemens Patches Critical Simcenter Femap Bugs Allowing Code Execution from Malicious STP and BMP Files
Siemens has released urgent patches for two high-severity vulnerabilities in its Simcenter Femap engineering simulation software that could allow local attackers to execute arbitrary code by...