Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs

Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...

CVE-2020-14512

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14512

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14512 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14512

CVE-2020-14512 affects Secomea GateManager (versions prior to 9.2c) due to use of a weak password hash, potentially allowing an attacker to view user passwords. Affected firmware patches exist (GateManager 9.2c/9.2i); apply the latest update to mitigate. CISA ICS advisory confirms the vulnerabili...

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Remote code-execution vulnerabilities in virtual private network VPN products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to...