A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash.

CVE Database V5

Detailed information about CVE-2025-7971: CWE-20: Improper Input Validation in Rockwell Automation Studio 5000 Logix Designer® affecting Rockwell Automation Stu

CVE-2025-7971: CWE-20: Improper Input Validation in Rockwell Automation Studio 5000 Logix Designer® - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7971: CWE-20: Improper Input Validation in Rockwell Automation Studio 5000 Logix Designer®

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.

Detailed information about CVE-2025-40758: CWE-347: Improper Verification of Cryptographic Signature in Siemens Mendix SAML (Mendix 10.12 compatible) affecting 

CVE-2025-40758: CWE-347: Improper Verification of Cryptographic Signature in Siemens Mendix SAML (Mendix 10.12 compatible) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-40758: CWE-347: Improper Verification of Cryptographic Signature in Siemens Mendix SAML (Mendix 10.12 compatible)

Norway Blames Pro-Russian Hackers for Dam Cyberattack

Source: https://hackread.com/norway-blames-pro-russian-hackers-for-dam-cyberattack/

The reported security threat involves a cyberattack on a dam in Norway, which Norwegian authorities attribute to pro-Russian hacker groups. While specific technical details about the attack vector, exploited vulnerabilities, or malware used have not been disclosed, the incident highlights the increasing risk of state-sponsored or politically motivated cyber operations targeting critical infrastructure. Dams are considered critical national infrastructure due to their role in water management, hydroelectric power generation, and flood control. A successful cyberattack on such facilities can disrupt power supplies, cause physical damage, or endanger public safety. The attribution to pro-Russian hackers suggests a geopolitical motive, potentially linked to broader tensions between Russia and Western countries. The lack of detailed technical indicators or known exploits in the wild limits the ability to analyze the exact methods used; however, typical attack vectors against industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems include spear-phishing, exploitation of unpatched vulnerabilities, supply chain compromises, or insider threats. The medium severity rating indicates that while the attack is serious, it may not have resulted in catastrophic damage or widespread disruption at this stage. Nonetheless, the incident serves as a warning for critical infrastructure operators to enhance their cybersecurity posture against sophisticated threat actors.

Reddit InfoSec News

Detailed information about Norway Blames Pro-Russian Hackers for Dam Cyberattack. Get real-time updates, technical details, and mitigation strategies.

Norway Blames Pro-Russian Hackers for Dam Cyberattack - Live Threat Intelligence - Threat Radar | OffSeq.com

Norway Blames Pro-Russian Hackers for Dam Cyberattack

Reddit Discussion: Norway Blames Pro-Russian Hackers for Dam Cyberattack

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Detailed information about CVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs affecting Dell SupportAssist for Home PCs.

CVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-8964: Improper Authentication in code-projects Hostel Management System affecting code-projects Hostel Management System. Ge

CVE-2025-8964: Improper Authentication in code-projects Hostel Management System

CVE-2025-8964: Improper Authentication in code-projects Hostel Management System

Description

Technical Details

Related Threats

CVE-2025-7971: CWE-20: Improper Input Validation in Rockwell Automation Studio 5000 Logix Designer®

CVE-2025-40758: CWE-347: Improper Verification of Cryptographic Signature in Siemens Mendix SAML (Mendix 10.12 compatible)

CVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs

CVE-2025-27845: n/a

CVE-2025-7972: CWE-286: Incorrect User Management in Rockwell Automation FactoryTalk® Linx

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility