Scalance S602, Scalance S612, Scalance S623, Scalance S627-2m Security Vulnerabilities
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers....
7.4CVSS
7.3AI Score
0.001EPSS
virt:ol and virt-devel:rhel security and bug fix update
hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280...
5.5CVSS
7.8AI Score
0.0004EPSS
China-Linked Spyware Found in Google Play Store Apps, 2m Downloads
By Waqas Mobile security solutions provider Pradeo's security researchers have shared details of the spyware they discovered hiding on the… This is a post from HackRead.com Read the original post: China-Linked Spyware Found in Google Play Store Apps, 2m...
6.8AI Score
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers....
6.6AI Score
0.001EPSS
2m-deutschland.de Cross Site Scripting vulnerability OBB-3478560
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Siemens SINAMICS Medium Voltage Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services.....
9.8CVSS
8.4AI Score
0.106EPSS
Siemens SIMATIC WinCC using obsolete function vulnerability
SIMATIC NET PC software is a separately sold software product that implements the SIMATIC NET communication products.SIMATIC PCS 7 is a centralized control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components.SIMATIC WinCC is a...
8.8CVSS
7.1AI Score
0.001EPSS
HackerOne: 2M Reports on HackerOne Celebration! - Ability to bulk-submit many reports.
The researcher was able to bulk submit many reports by creating a lot of them in Draft mode and them submitting them simultaneously, As result, we've limited the maximum number of drafts you can have to...
6.8AI Score
Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular- exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and...
7.7AI Score
0.011EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....
4.1AI Score
0.0004EPSS
Siemens SCALANCE LPE9403 Heap-Based Buffer Overflow (CVE-2023-27410)
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...
4.5AI Score
0.0005EPSS
Siemens SCALANCE W1750D Improper Input Validation (CVE-2022-47522)
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication....
7.7AI Score
0.001EPSS
Stale risk fund assets may make protocol loose funds
Lines of code https://github.com/code-423n4/2023-05-venus/blob/8be784ed9752b80e6f1b8b781e2e6251748d0d7e/contracts/Shortfall/Shortfall.sol#L381 Vulnerability details Vulnerability Details When swapping Risk funds in a pool swapPoolsAssets(address[],uint256[],address[][]) from one market underlying.....
6.7AI Score
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...
9.6AI Score
0.001EPSS
Siemens SCALANCE LPE9403 Creation of Temporary File with Insecure Permissions (CVE-2023-27408)
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...
4.2AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.5AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.9CVSS
6.8AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...
9.9CVSS
9.5AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...
3.3CVSS
4.1AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....
3.3CVSS
3.9AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...
2.7CVSS
4.2AI Score
0.0005EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...
3.3CVSS
3.9AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....
3.3CVSS
3.7AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...
2.7CVSS
4.3AI Score
0.0005EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...
9.9CVSS
9.3AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...
9.9CVSS
9.4AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....
3.3CVSS
4.8AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...
3.3CVSS
4.9AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...
2.7CVSS
5.2AI Score
0.0005EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...
2.7CVSS
4.3AI Score
0.0005EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....
2.5CVSS
3.9AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...
3.3CVSS
4.1AI Score
0.0004EPSS
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...
9.9CVSS
9.6AI Score
0.001EPSS
Siemens SCALANCE XCM332 Allocation of Resources Without Limits or Throttling (CVE-2021-46828)
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. This plugin only works with Tenable.ot. Please visit.....
7.6AI Score
0.005EPSS
Siemens SCALANCE XCM332 Use After Free (CVE-2022-40674)
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
8.4AI Score
0.006EPSS
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. This plugin only works with Tenable.ot....
6.9AI Score
0.0004EPSS
Siemens SCALANCE XCM332 Incorrect Default Permissions (CVE-2022-32207)
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving t...
8.8AI Score
0.003EPSS
Siemens SCALANCE XCM332 Use After Free (CVE-2022-1652)
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service....
8.1AI Score
0.0004EPSS
Siemens SCALANCE XCM332 Improper Validation of Syntactic Correctness of Input (CVE-2022-35252)
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing asister site to deny service to all siblings. This plugin only works with...
6.4AI Score
0.001EPSS
Siemens SCALANCE XCM332 Out-of-Bounds Write (CVE-2022-32208)
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. This plugin only works with Tenable.ot. Please visit...
7.8AI Score
0.003EPSS
Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-28895)
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. SCALANCE X-200, X-200IRT, and X-300....
8.8AI Score
0.001EPSS
Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.....
9.8AI Score
0.002EPSS
Siemens SCALANCE X-200IRT Devices Inadequate Encryption Strength (CVE-2023-29054)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
7.2AI Score
0.001EPSS
Siemens SCALANCE X-200IRT Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.4CVSS
7.3AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.5AI Score
0.006EPSS
Siemens SCALANCE X-200, X-200IRT, and X-300 Switch Families BadAlloc Vulnerabilities
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
7.4CVSS
6.6AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
7.4CVSS
7AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
7.4CVSS
7.1AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
6.7CVSS
7.2AI Score
0.001EPSS