2877 matches found
Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELFA SD/SQ series and F-series Robot Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Jenkins Plugin Semantic Versioning Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...
Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...
Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens Desigo PX Devices External Control of Assumed-Immutable Web Parameter (CVE-2019-13927)
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...
The vulnerability of the TCP protocol implementation in Totalflow’s microprogramming software for ABB RMC-100, RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC controllers allows a hacker to execute arbitrary code.
The vulnerability of the TCP protocol implementation in Totalflow’s micro-programmed software for ABB RMC-100, RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC controllers is related to the possibility of bypassing the path. Exploiting this vulnerability allows a remote attacker to execute...
PT-2023-2420 · Omron · Omron Cs Series
Name of the Vulnerable Software and Affected Versions: Omron CJ-series and CS-series PLCs, all versions Description: The issue is related to the lack of authentication for a critical function in Omron CS/CJ controllers. An attacker with network access to the affected PLC may use a network protoco...
GSD-2023-1000217 Bluetooth: Fix crash when replugging CSR fake controllers
Bluetooth: Fix crash when replugging CSR fake controllers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...
PT-2023-33220 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: A potential issue in the Linux Kernel may cause a crash when replugging CSR fake Bluetooth controllers. The actual impact and attack plausibility have not yet been proven. Recommendations:...
PT-2023-33294 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.10.159 Description: A potential issue in the Linux Kernel may cause a crash when replugging CSR fake Bluetooth controllers. The actual impact and attack plausibility have not yet been proven. Recommendations:...
PT-2023-33120 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: A potential issue exists where replugging CSR fake controllers could cause a crash. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
Unspecified Vulnerability in Siemens S7-1500 CPU devices
SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control. The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...
Microsoft Windows Netlogon Security Vulnerability
Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of domain member-to-domain,...
Siemens SIMATIC S7-1500 Security Vulnerability
SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control. The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...
EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2023-1223)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to...
DBRisinajumi d2files SQL Injection vulnerability
A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to SQL injection. Upgrading to version 1.0.0 can address this...
OESA-2023-1016 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DC...
OESA-2023-1018 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DC...
Rockwell Automation Logix controllers Improper Input Validation (CVE-2022-3752)
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user wou...
The vulnerability in the implementation of the Simple Network Management Protocol (SNMP) on Cisco IOS XE Catalyst access points and Cisco Catalyst 9000 wireless network controllers, related to errors in request processing, allows a perpetrator to disclose protected information.
The vulnerability of the Simple Network Management Protocol SNMP implementation on Cisco IOS XE Catalyst access points and Cisco Catalyst 9000 wireless network controllers is related to errors in handling requests. Exploiting this vulnerability can allow a malicious actor to disclose protected...