Today CISA announced that it had added a deserialization of untrusted data vulnerability in the Trimble Cityworks products to their Known Exploited Vulnerabilities (KEV) catalog. This vulnerability was reported by Trimble. CISA published an advisory yesterday describing this vulnerability. Trimble has published a list of indicators of compromise.
CISA has directed Federal agencies utilizing the affected
Trimble products to apply “mitigations per vendor instructions or discontinue
use of the product if mitigations are unavailable.” CISA has set a deadline of
February 28th, 2025, for such agencies to complete these actions.
Posts
No comments:
Post a Comment