Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
6.8AI Score
0.0004EPSS
Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...
6.9AI Score
0.0004EPSS
Friday Squid Blogging: Emotional Support Squid
When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: They're emotional support squid because they're large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for.....
7.2AI Score
Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on curl. RFC 4291 defines ways to embed an IPv4 address into IPv6 addresses. One of the methods...
8.1CVSS
8.4AI Score
0.001EPSS
I wrote a short document describing how I maintain open source projects, to link it from my global CODE_OF_CONDUCT, CONTRIBUTING, and SECURITY files. It talks about how I prefer issues to PRs, how I work in batches, and how I'm trigger-happy with bans. It's all about setting expectations. It got...
7.6AI Score
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP...
9.8CVSS
6.6AI Score
0.008EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.5CVSS
6.6AI Score
0.002EPSS
Pig butchering scams, how they work and how to avoid them
Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam, while others classify them as investment fraud. The victims in Pig Butchering schemes are referred to as...
6.8AI Score
PINs for Cryptography with Hardware Secure Elements
I'm a big fan of technologies that enable otherwise impossible security properties and user experiences, like cryptography often can. One such technology is hardware secure elements. Here's a thing you can't do with cryptography: encrypt data securely with a low-entropy secret, like a PIN. If a...
6.5AI Score
Deepfake Taylor Swift images circulate online, politicians call for laws to ban deepfake creation
Deepfake images of Taylor Swift have really made some serious waves. Explicit images of the popstar, generated by Artificial Intelligence (AI) were posted on social media and Telegram. The images were viewed millions of times. The impact of the deepfake was enormous. Social media platform X...
7.3AI Score
Ransomware review: January 2024
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
7.1AI Score
Alarm system cyberattack leaves those in need struggling to call for help
An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall,...
7.1AI Score
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
6.6AI Score
PentestPad: Platform for Pentest Teams
In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...
6.9AI Score
Why We Don’t Generate Elliptic Curves Every Day
With all the talk recently of how the NIST curve parameters were selected, a reasonable observer could wonder why we all use the same curves instead of generating them along with keys, like we do for Diffie-Hellman parameters. (You might have memories of waiting around for openssl dhparam to run...
7.1AI Score
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...
8.8CVSS
8.8AI Score
0.001EPSS
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...
8.8CVSS
9AI Score
0.001EPSS
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...
8.8CVSS
8.9AI Score
0.001EPSS
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and...
8.8CVSS
9.1AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the...
6.1CVSS
7AI Score
0.001EPSS
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...
4.3CVSS
4.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the...
7.1CVSS
6.5AI Score
0.001EPSS
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...
6.5CVSS
6.3AI Score
0.001EPSS
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...
6.5CVSS
6.4AI Score
0.001EPSS
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...
6.5CVSS
5.9AI Score
0.001EPSS
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...
4.3CVSS
4.5AI Score
0.001EPSS
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...
6.5CVSS
6.4AI Score
0.001EPSS
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP...
6.5CVSS
6.4AI Score
0.001EPSS
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...
5.3CVSS
5.3AI Score
0.001EPSS
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...
6.5CVSS
6.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the...
6.1CVSS
6.5AI Score
0.001EPSS
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...
4.3CVSS
4.6AI Score
0.001EPSS
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...
7.5CVSS
7.6AI Score
0.001EPSS
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require...
7.7CVSS
7.4AI Score
0.001EPSS
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...
9.8CVSS
9.3AI Score
0.001EPSS
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...
7.5CVSS
7.6AI Score
0.001EPSS
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...
9.8CVSS
8.9AI Score
0.001EPSS
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require...
7.5CVSS
7.4AI Score
0.001EPSS
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not...
7.5CVSS
7.7AI Score
0.001EPSS
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP...
9.8CVSS
9.4AI Score
0.001EPSS
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an...
4.3CVSS
4.8AI Score
0.001EPSS
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP...
5.3CVSS
5.6AI Score
0.001EPSS
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP...
5.3CVSS
5.6AI Score
0.001EPSS
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not...
5.9CVSS
6.5AI Score
0.001EPSS