Monthly
Cleartext-transmission exposure in Hitachi Energy PROMOD V allows a network man-in-the-middle to intercept or read sensitive data because the application relies on unencrypted HTTP rather than HTTPS when communicating with a third-party Digipede grid-computing server. The flaw (CWE-1428, reliance on an insecure communications channel) carries a CVSS 4.0 base score of 7.0 and is rated high confidentiality impact with limited integrity impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.
Cleartext-transmission exposure in Hitachi Energy PROMOD V allows a network man-in-the-middle to intercept or read sensitive data because the application relies on unencrypted HTTP rather than HTTPS when communicating with a third-party Digipede grid-computing server. The flaw (CWE-1428, reliance on an insecure communications channel) carries a CVSS 4.0 base score of 7.0 and is rated high confidentiality impact with limited integrity impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.