World's Tallest Buildings Security Vulnerabilities

Siemens CP-XXXX Series Exposed Serial Shell

...

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Cisco Talos' Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files. The Peplink Smart.....

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally...

Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

Peplink Smart Reader web interface mac2name OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1867 Peplink Smart Reader web interface mac2name OS command injection vulnerability April 17, 2024 CVE Number CVE-2023-39367 SUMMARY An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in...

Peplink Smart Reader /bin/login privilege escalation vulnerability

Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted...

Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...

Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1865 Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-45209 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi...

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows - CVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient...

Satellite Images Point to Indiscriminate Israeli Attacks on Gaza’s Health Care Facilities

New research finds that Israel’s attacks on Gaza damaged hospitals and other medical facilities at the same rate as other buildings, potentially in violation of international...

10 years on from the Target breach. Has building cyber security improved?

It’s over a decade since the Target data breach. It was an event that reinforced the need for supply chain security reviews. It seems that much has changed since then, or has it? Has the security profile of the average connected building in the USA improved in that time period, be it retail,...

CVE-2023-5641 Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in amin open...

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

The Future of Drone Warfare

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a...

Is it bad to have a major security incident on your résumé? (Seriously I don’t know)

Welcome to this week's edition of the Threat Source newsletter. It's Cybersecurity Awareness Month, which means it's time to hug your nearest defender -- they're probably tired, could be facing burnout or just have had too much coffee today. What makes the cybersecurity landscape even more fraught....

QR codes in email phishing

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don't see lots of QR...

Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection

...

Surveillance camera insecurities argument comes to one inevitable conclusion: Always update

Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests. Surveillance and webcam vulnerabilities are common, and we've covered them many times on our blog. What's interesting with this story is that....

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default....

Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

Cross site scripting

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create...

All your building are belong to us

TL;DR Building Management Systems (BMS) bring new risks to businesses that haven't had previous experience of securing Operational Technology (OT) While there might not be direct financial gain from hacking BMS, these systems can be a soft target for attackers to pivot into your business...

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...

Carbon reduction at PTP

Introduction I’ve been a bit of an eco-warrior since I got my first electric car in 2015, and I’ve been on a personal mission since then to reduce my carbon footprint. I realised I could do more for the environment if I could get Pen Test Partners (PTP) on board with some carbon reduction ideas...

Ransomware pushes City of Oakland into state of emergency

The ransomware attack that hit Oakland on Wednesday February 8, 2023 is still crippling many of the city's services a week later. In fact, the situation is so bad that the Interim City Administrator has now declared a state of emergency. Tweet announcing the state of emergency The ransomware...

land-buildings-geek.com Cross Site Scripting vulnerability OBB-3173836

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Priva TopControl Suite

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Priva Equipment: TopControl Suite Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

A Digital Red Cross

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical...

Gas, a positive social network for teens (no, really)

A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. I'm all for positive spaces online, but what is it, and will teens really be happier there than (say) Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of.....

Thermal cameras could help reveal your password

Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are sold a lot cheaper than they used to, pretty much anyone can get their hands...

CVE-2013-0108

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code....

CVE-2013-0108

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code....

The Queen’s Funeral Sets Off the Biggest UK Police Operation Ever

Snipers on buildings. Drone no-fly zones. Temporary CCTV. The security plan is even more complex than it was for the London 2012...

Planning Go 1.20 Cryptography Work

As you might know, I left Google in spring to try and make the concept of a professional Open Source maintainer a thing. I'm staying on as a maintainer of the Go cryptography standard library, and I am going to seek funding from companies that rely on it, want to ensure its security and...

Inside the World’s Biggest Hacker Rickroll

As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution Vulnerability

...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution

...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script....

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Title: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit Advisory ID: ZSL-2022-5710 Type: Local/Remote Impact: System Access, DoS Risk: (4/5) Release Date: 20.07.2022 Summary SpaceLogic C-Bus Home Automation System Lighting control and automation solutions for...

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software...

SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting Vulnerability

SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting...

SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting

...

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor

...