Overview
APC Easy UPS Online Monitoring Software: Schneider Electric has disclosed three vulnerabilities: two critical- and one high-severity affecting their monitoring software. APS is one of the most popular brands worldwide for controlling uninterrupted power supply (UPS) systems online. These flaws could allow an attacker to carry out remote code-execution and denial-of-service.
VMWare had released security updates for four critical vulnerabilities in Workstation Pro and Player and in VMWare Fusion. These vulnerabilities could allow an attacker with administrative privileges on a virtual machine to execute code or to access privileged information stored in hypervisor memory. These could be used in an exploit chain where more than one vulnerability is exploited to carry out an attack.
Zyxel has issued security updates to address vulnerabilities in Zyxel VPN, ATP and USG. One of the vulnerabilities is critical-severity and could potentially allow an unauthorised attacker to execute remote commands by sending malicious packets to an affected device.
Recommended Action
Organisations are encouraged to review the appropriate security and advisory pages and apply the updates:
Schneider Electric (APS) – Security Notification
VMWare – Security Advisories
Zyxel – Security Advisories
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.