21 matches found
EUVD-2023-36962
Malicious code in bioql PyPI...
EUVD-2023-36960
Malicious code in bioql PyPI...
EUVD-2022-48060
Malicious code in bioql PyPI...
CVE-2023-32735
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...
CVE-2023-32737
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within...
CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...
Siemens SIMATIC STEP Deserialization Vulnerability
Siemens SIMATIC STEP is a comprehensive engineering tool for configuring and programming SIMATIC controllers from Siemens, Germany. A deserialization vulnerability exists in Siemens SIMATIC STEP, which arises from an affected application failing to properly restrict .NET BinaryFormatter when...
CVE-2023-32735
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...
CVE-2023-32737
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within...
CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...
CVE-2023-32737
CVE-2023-32737 affects SIMATIC STEP 7 Safety V18 (all versions
CVE-2023-32735
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...
CVE-2023-32735
CVE-2023-32735 describes a deserialization vulnerability in Siemens SIMATIC/WinCC/STEP 7 and related components where the Configuration Handler does not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This can lead to type confusion and arbitrary cod...
CVE-2023-32735
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...
CVE-2022-45147
Siemens reports CVE-2022-45147 affects SIMATIC PCS neo v4.0 and SIMATIC STEP 7 (TIA Portal) v16–18, where deserialization of user-controlled input via the .NET BinaryFormatter can cause type confusion and allow arbitrary code execution. Affected products: PCS neo v4.0 (all versions); STEP 7 v16, ...
CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...
CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...
Siemens SIMATIC STEP 7 (TIA Portal)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Insecure deserialization in Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. For example, by using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end, thereby allowing the serializer to create any...
Information disclosure
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. For example, by using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end, thereby allowing the serializer to create any...