SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4 Security Vulnerabilities

cve

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

6.8 AI Score

0.0004 EPSS

2024-06-14 05:15 PM
6
ics

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...

6.9 AI Score

0.0004 EPSS

2024-06-11 12:00 PM
schneier

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: They're emotional support squid because they're large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for...

7.2 AI Score

2024-05-17 09:04 PM
3
hackerone

curl: Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.

Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on curl. RFC 4291 defines ways to embed an IPv4 address into IPv6 addresses. One of the methods...

8.1 CVSS

8.4 AI Score

0.001 EPSS

2024-05-07 03:11 PM
50
filippoio

My Maintenance Policy

I wrote a short document describing how I maintain open source projects, to link it from my global CODE_OF_CONDUCT, CONTRIBUTING, and SECURITY files. It talks about how I prefer issues to PRs, how I work in batches, and how I'm trigger-happy with bans. It's all about setting expectations. It got...

7.6 AI Score

2024-04-06 08:40 PM
10
osv

BIT-python-2021-29921

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP...

9.8 CVSS

6.6 AI Score

0.008 EPSS

2024-03-06 11:06 AM
21
osv

BIT-golang-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...

7.5 CVSS

6.6 AI Score

0.002 EPSS

2024-03-06 11:06 AM
5
malwarebytes

Pig butchering scams, how they work and how to avoid them

Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam, while others classify them as investment fraud. The victims in Pig Butchering schemes are referred to as...

6.8 AI Score

2024-03-01 01:41 PM
10
filippoio

PINs for Cryptography with Hardware Secure Elements

I'm a big fan of technologies that enable otherwise impossible security properties and user experiences, like cryptography often can. One such technology is hardware secure elements. Here's a thing you can't do with cryptography: encrypt data securely with a low-entropy secret, like a PIN. If a...

6.5 AI Score

2024-02-14 02:01 PM
6
malwarebytes

Deepfake Taylor Swift images circulate online, politicians call for laws to ban deepfake creation

Deepfake images of Taylor Swift have really made some serious waves. Explicit images of the popstar, generated by Artificial Intelligence (AI) were posted on social media and Telegram. The images were viewed millions of times. The impact of the deepfake was enormous. Social media platform X...

7.3 AI Score

2024-01-30 12:53 PM
4
malwarebytes

Ransomware review: January 2024

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.1 AI Score

2024-01-11 04:39 PM
11
malwarebytes

Alarm system cyberattack leaves those in need struggling to call for help

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall,...

7.1 AI Score

2023-11-16 02:29 PM
8
filippoio

Enough Polynomials and Linear Algebra to Implement Kyber

I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...

6.6 AI Score

2023-11-07 06:37 PM
19
thn

PentestPad: Platform for Pentest Teams

In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...

6.9 AI Score

2023-10-31 11:21 AM
30
filippoio

Why We Don’t Generate Elliptic Curves Every Day

With all the talk recently of how the NIST curve parameters were selected, a reasonable observer could wonder why we all use the same curves instead of generating them along with keys, like we do for Diffie-Hellman parameters. (You might have memories of waiting around for openssl dhparam to run...

7.1 AI Score

2023-10-24 02:56 PM
13
cve

CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-10-23 01:15 PM
21
nvd

CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...

8.8 CVSS

9 AI Score

0.001 EPSS

2023-10-23 01:15 PM
prion

Authentication flaw

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-10-23 01:15 PM
7
cvelist

CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2023-10-23 12:22 PM
nvd

CVE-2023-43698

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the...

6.1 CVSS

7 AI Score

0.001 EPSS

2023-10-09 01:15 PM
nvd

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
cve

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2023-10-09 01:15 PM
22
cve

CVE-2023-43698

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the...

7.1 CVSS

6.5 AI Score

0.001 EPSS

2023-10-09 01:15 PM
21
cve

CVE-2023-5101

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
17
nvd

CVE-2023-5101

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
cve

CVE-2023-5100

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
15
nvd

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-10-09 01:15 PM
cve

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
22
nvd

CVE-2023-5100

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...

6.5 CVSS

5.9 AI Score

0.001 EPSS

2023-10-09 01:15 PM
nvd

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2023-10-09 01:15 PM
cve

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-10-09 01:15 PM
14
prion

Code injection

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
1
prion

Design/Logic Flaw

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-10-09 01:15 PM
4
prion

Design/Logic Flaw

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
5
prion

Design/Logic Flaw

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2023-10-09 01:15 PM
2
prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the...

6.1 CVSS

6.5 AI Score

0.001 EPSS

2023-10-09 01:15 PM
4
prion

Input validation

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2023-10-09 01:15 PM
4
nvd

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-10-09 12:15 PM
1
nvd

CVE-2023-43699

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-10-09 12:15 PM
cve

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require...

7.7 CVSS

7.4 AI Score

0.001 EPSS

2023-10-09 12:15 PM
12
cve

CVE-2023-43696

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-10-09 12:15 PM
15
cve

CVE-2023-43699

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-10-09 12:15 PM
15
nvd

CVE-2023-43696

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...

9.8 CVSS

8.9 AI Score

0.001 EPSS

2023-10-09 12:15 PM
prion

Authorization

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-10-09 12:15 PM
5
prion

Input validation

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-10-09 12:15 PM
5
prion

Improper access control

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-10-09 12:15 PM
5
cvelist

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...

4.3 CVSS

4.8 AI Score

0.001 EPSS

2023-10-09 12:11 PM
cvelist

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...

5.3 CVSS

5.6 AI Score

0.001 EPSS

2023-10-09 12:09 PM
cvelist

CVE-2023-5101

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...

5.3 CVSS

5.6 AI Score

0.001 EPSS

2023-10-09 12:07 PM
cvelist

CVE-2023-5100

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...

5.9 CVSS

6.5 AI Score

0.001 EPSS

2023-10-09 12:05 PM
Total number of security vulnerabilities: 919