294 matches found

BDU FSTEC
added 2023/12/21 12:0 a.m. · 1 views

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the loading of code without checking its integrity. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to compromise the integrity of the...

7.8 CVSS · 7.3 AI score · 0.00144 EPSS
Exploits 0 · References 4

GithubExploit
added 2023/12/16 11:27 p.m. · 306 views

Exploit for Incorrect Permission Assignment for Critical Resource in Microsoft

CVE-2024-21305 This repo contains the report and PoC of CVE-...

4.4 CVSS · 6.8 AI score · 0.00363 EPSS
Exploits 1

CNNVD
added 2023/12/14 12:0 a.m. · 1 views

PHOENIX CONTACT PLCnext Engineer and PLCnext Control Devices Security Vulnerability

PHOENIX CONTACT PLCnext Engineer and PHOENIX CONTACT PLCnext Control Devices are both products of PHOENIX CONTACT, Germany. PHOENIX CONTACT PLCnext Engineer is an engineering software platform for automation controllers and PHOENIX CONTACT PLCnext Control Devices are programmable logic controller...

6.5 CVSS · 7 AI score · 0.00046 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-7875 · Phoenix Contact · Fc 350 Pci Eth +4

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT classic line PLCs affected versions not specified AXC 1050 AXC 1050 XC AXC 3050 FC 350 PCI ETH Description: The issue allows an unauthenticated remote attacker to modify some or all applications on a PLC due to a lack of code...

7.8 CVSS · 7.6 AI score · 0.00244 EPSS
Exploits 0 · References 7

Talos
added 2023/12/05 12:0 a.m. · 40 views

Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1845 Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...

8.1 CVSS · 8.3 AI score · 0.00122 EPSS
Exploits 1

Cvelist
added 2023/11/15 3:30 a.m. · 14 views

CVE-2023-5984

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device...

7.2 CVSS · 7.2 AI score · 0.00041 EPSS
Exploits 0 · References 1

Wallarm Lab
added 2023/10/22 6:0 p.m. · 20 views

Mobile Application Security

Our progression into the digital age has notably changed the way we function. Everything from financial management, online purchases, virtual education, to entertainment—has been compacted into the easily-navigatable universe of apps on our handheld devices. This amplified reliance on mobile...

7.3 AI score
Exploits 0

Positive Technologies
added 2023/09/03 12:0 a.m. · 1 views

PT-2023-25839 · Synel · Synel Terminals

Name of the Vulnerable Software and Affected Versions: Synel Terminals affected versions not specified Description: The issue is related to the download of code without an integrity check, which is classified as CWE-494. This problem can potentially allow malicious code to be executed on the...

9.8 CVSS · 9.3 AI score · 0.0006 EPSS
Exploits 0 · References 6

CNNVD
added 2023/08/11 12:0 a.m. · 0 views

Genians Genian NAC Security Vulnerability

Genians Genian NAC is a network security and access control software from Genians Korea. It helps organizations identify IP-enabled devices, manage vulnerabilities, and check device configurations to protect network access environments. A security vulnerability exists in Genians Genian NAC and...

9.8 CVSS · 6.9 AI score · 0.00051 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/08/11 12:0 a.m. · 2 views

PT-2023-27349 · Genians · Genian Nac Suite +2

Name of the Vulnerable Software and Affected Versions: Genians Genian NAC versions 4.0.0 through 4.0.155 Genians Genian NAC versions 5.0.0 through 5.0.42 Genians Genian NAC Suite versions 5.0.0 through 5.0.54 Genians Genian ZTNA versions 6.0.0 through 6.0.15 Description: The issue is related to a...

9.8 CVSS · 9.3 AI score · 0.00051 EPSS
Exploits 0 · References 8

Microsoft CVE
added 2023/08/08 7:0 a.m. · 65 views

Memory Integrity System Readiness Scan Tool Defense in Depth Update

The Memory Integrity System Readiness Scan Tool hvciscanamd64.exe and hvciscanarm64.exe is used to check for compatibility issues with memory integrity, also known as hypervisor-protected code integrity HVCI. The original version was published without a RSRC section, which contains resource...

7.3 AI score
Exploits 0

Microsoft CVE
added 2023/07/11 7:0 a.m. · 19 views

Guidance on Microsoft Signed Drivers Being Used Maliciously

Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program MWHDP were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the...

7.1 AI score
Exploits 0

Citrix
added 2023/07/11 12:0 a.m. · 9 views

Blank Windows Display when Open Citrix Workspace APP

When opening Citrix Workspace App, it displays blank. User cannot input store's URL or username&password to login. However, the ICA session can be launched through browser. It shows msedgewebview2.exe crashed because tsafedoc64.dll does not meet the Microsoft signing level requirement in Event...

7 AI score
Exploits 0

GithubExploit
added 2023/04/23 8:42 p.m. · 610 views

Exploit for Download of Code Without Integrity Check in Dlink Dnr-322L_Firmware

CVE-2022-40799 Title: D-Link DNR-322L - Authenticated Remote...

8.8 CVSS · 9.2 AI score · 0.57004 EPSS
Exploits 3

BDU FSTEC
added 2022/12/16 12:0 a.m. · 2 views

The vulnerability of the microprogrammed software of the D-Link DNR-322L network video recorder camera lies in the fact that the code can be loaded without checking its integrity. This allows an intruder to execute arbitrary code.

The vulnerability of the microprogrammed software of the D-Link DNR-322L network video recorder relates to the loading of code without checking its integrity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9 CVSS · 0.57004 EPSS
Exploits 3 · References 4 · Affected Software 1

Microsoft KB
added 2022/07/21 12:0 a.m. · 4 views

July 21, 2022—KB5015880 (OS Build 17763.3232) Preview

July 21, 2022—KB5015880 OS Build 17763.3232 Preview 7/12/22 After September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update...

6.8 AI score
Exploits 0

Microsoft KB
added 2022/07/19 12:0 a.m. · 5 views

July 19, 2022—KB5015879 (OS Build 20348.859) Preview

July 19, 2022—KB5015879 OS Build 20348.859 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...

7.1 AI score
Exploits 0

CVE
added 2022/05/23 5:5 p.m. · 87 views

CVE-2022-28944

CVE-2022-28944 affects multiple EMCO Software products (e.g., MSI Package Builder for Windows 9.1.4; Remote Installer 6.0.13; Ping Monitor 8.0.18; Remote Shutdown 7.2.2; WakeOnLan 2.0.8; Network Inventory 5.8.22; Network Software Scanner 2.0.8; UnLock IT 6.1.1) via the Updater component. The flaw...

8.8 CVSS · 9.2 AI score · 0.10874 EPSS
Exploits 2 · References 3 · Affected Software 7

CISA KEV Catalog
added 2021/12/10 12:0 a.m. · 26 views

Fortinet FortiOS Arbitrary File Download

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...

7.8 CVSS · 3.9 AI score · 0.01154 EPSS
In wild · Exploits 2

Rapid7 Blog
added 2021/11/04 7:47 p.m. · 148 views

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...

7.5 CVSS · 7.6 AI score · 0.93551 EPSS
Exploits 8