NVD disclosure day

Published threat advisories for February 9, 2021

CVE advisoryCRITICAL

CVE-2020-15798

Siemens HMI Panels and SINAMICS Drives Unsecured Telnet Access Risk

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

Certain Siemens industrial control systems are affected by a vulnerability that allows unauthenticated remote attackers to gain full access to devices by exploiting an enabled telnet service. This could lead to significant compromise of operational technology systems.

NVD published:

CVE advisoryKnown Exploit

CVE-2021-21148

Google Chrome: Heap Corruption Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the V8 engine of Google Chrome could allow attackers to exploit heap corruption via a crafted HTML page, potentially affecting systems and data. The risk to organizations is significant, particularly as it is listed on the Known Exploited Vulnerabilities catalog.

NVD published: • CISA KEV