Design/Logic Flaw

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

CVE-2023-21405

CVE-2023-21405 affects Axis Network Door Controllers and Axis Network Intercoms via OSDP; the vulnerability is a crash in the OSDP message parser that crashes the pacsiod process, causing temporary unavailability of door-controlling functionality (doors cannot be opened or closed). The issue is d...

Axis Network Door Controllers 安全漏洞

AXIS Network Door Controllers is a network door controller from AXIS Sweden. A security vulnerability exists in Axis Network Door Controllers, Axis Network Intercoms, which stems from a crash of the OSDP message parser pacsiod process when communicating via OSDP intercom, resulting in a temporary...

PT-2023-7483 · Axis · Axis Network Intercoms +1

Name of the Vulnerable Software and Affected Versions: Axis Network Door Controllers and Axis Network Intercoms affected versions not specified Description: The issue is related to a flaw in the implementation of the Open Supervised Device Protocol OSDP in Axis Network Door Controllers and Axis...

SUSE CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

AZL-48166 CVE-2023-3347 affecting package samba 4.18.3-2

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...

UBUNTU-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

SMB2 packet signing not enforced

Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...

PT-2023-8786 · Samba +8 · Samba +8

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domai...

Vulnerabilities fixed in Zyxel products

Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to exploit them to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...

MS KB5014754 - Audit events found for FAS

As Per the Microsoft KB linked below, we have found audit events on our domain controllers that indicate we will be impacted when this change is enforced. We need the remediation steps, so we can implement them before we're impacted...

The vulnerability of the microprogramming software used in STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 programmable logic controllers allows a intruder to execute arbitrary code.

The vulnerability of Yokogawa STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 controllers is related to the use of rigidly encoded account data. Exploiting this vulnerability allows a malicious actor, who has not undergone identity verification, to execute arbitrary commands...

The vulnerability of motion controllers and motion control systems like SIMOTION allows a intruder to disclose the protected information.

The vulnerability of SIMOTION motion controllers and motion control systems lies in the lack of protection for mission-critical data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow attackers to induce malfunctions in the equipment.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to the...