FREE DIAGNOSTIC

Serial number:AV25-394
Date:July 3, 2025

On July 2, 2025, Grafana published a security advisory to address critical vulnerabilities in the following products:

• Grafana Image Renderer – versions prior to 3.12.9
• Synthetic Monitoring Agent – versions prior to 0.38.3

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Grafana Security Advisory

Serial number:AV25-393
Date:July 3, 2025

On July 3, 2025, ABB published a security advisory to address vulnerabilities in the following products:

• RMC-100 – versions 2105457-043 to 2105457-045
• RMC-100 LITE – versions 2106229-015 to 2106229-016

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• ABB Cyber Security Advisory - Vulnerabilities in web UI (REST Interface) RMC-100
• ABB Cyber security alerts and notifications

Serial number:AV25-392
Date:July 3, 2025

On June 19 and 25, 2025, Brother, Toshiba, Ricoh, Fujifilm and Konica Minolta released security advisories to address vulnerabilities in multiple products.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Brother FAQs and Troubleshooting - Addressing Security Vulnerabilities
• Toshiba - Response to vulnerability in some Toshiba Tec's digital multi-function peripherals
• Ricoh - Specific Ricoh MFP and Printer Products - Multiple vulnerabilities (CVE-2017-9765, CVE-2024-2169, CVE-2024-51977, CVE-2024-51979, CVE-2024-51980, CVE-2024-51981, CVE-2024-51982, CVE-2024-51983, CVE-2024-51984)
• Notice on Vulnerabilities in FUJIFILM Multifunction Devices and Printers
• Konica Minolta - Multiple vulnerabilities in B/W small multifunction and single-function printers

Serial number:AV25-391
Date: July 3, 2025

On May 14, 2025, Wing FTP a published an update to address a critical vulnerability in the following product:

• Wing FTP Server – version v7.4.3 and prior

Open-source reporting has indicated that proof-of-concept exploit code is available for CVE-2025-47812.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Wing FTP Server v7.4.4

Serial number:AV25-390
Date:July 7, 2025

On July 2, 2025, HPE published a security advisory to address a vulnerability in the following product:

• HPE Telco Service Orchestrator – versions prior to v5.3.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPE Security Bulletin - HPESBNW04886 rev.1 - HPE Telco Service Orchestrator Software, Server-Side Request Forgery (SSRF) Vulnerability
• HPE Security Bulletin Library

Serial number:AV25-389
Date:July 3, 2025

On July 2, 2025, Drupal published security advisories to address vulnerabilities in the following products :

• Config Pages Viewer – versions prior to 1.0.4
• Two-factor Authentication (TFA) – versions prior to 1.11.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
• Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
• Drupal Security Advisories