Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls AFFECTED PRODUCTS Siemens reports that the vulnerability affects...

ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls UPDATED INFORMATION This updated advisory is a follow-up to the...

The vulnerability of the driver for the microprogramming software of the Cisco TelePresence Multipoint Control Unit allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the driver for the Microprogramming Software of the Cisco TelePresence Multipoint Control Unit is related to improper checking of packet sizes during the assembly of IPv4 and IPv6 fragments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...

Cisco Warns of Critical Flaw in Teleconferencing Gear

Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. The flaw could give attackers the ability to remotely execute code on impacted systems or create conditions favorable to a denial-of-service DoS attack. According to an advisory...

Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...

Tesla Motors Gateway ECU Command Injection Vulnerability

The Tesla Motors Gateway ECU is a set of firmware used to manage the car and provide driving functions. A security vulnerability in the Tesla Motors Gateway ECU firmware handling updates allows remote attackers to exploit the vulnerability to submit malicious updates that inject arbitrary command...

CVE-2016-5234

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a...

CVE-2016-5234

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a...

CVE-2016-5234

CVE-2016-5234 describes a buffer overflow in Huawei VP9660/VP9650/VP9630 MCUs and RSE6500 videoconference devices. A crafted packet enables remote code execution when an unspecified service is enabled, with devices running software before V500R002C00SPC200 (MCUs) or before V500R002C00SPC100 (RSE6...

USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3000-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3000-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2970-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2970-1 advisory. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. A...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-2965-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-3 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerability (USN-2965-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-4 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability

Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the...

Pacom RTU/1000 CCU/EMCS Encryption Weak Password Vulnerability

The Pacom 1000 CCU and RTU are both products of the Swedish company Pacom. The former is a set of network security panels for controlling, monitoring and maintaining remote sites and the latter is a set of security panels for controlling access control alarm systems. A security vulnerability exis...

Huawei VP9660 Multi-Point Control Unit Multiple Vulnerabilities (huawei-sa-20151111-01-vp9660)

Huawei VP9660 Multi-Point Control Unit is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Huawei VP9660 Multi-Point Control Unit Detection (SNMP)

SNMP based detection of Huawei VP9660 Multi-Point Control Unit MCU. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message...