Lucene search

2877 matches found

OpenVAS
added 2022/06/15 12:0 a.m., 27 views

SUSE: Security Advisory (SUSE-SU-2022:2083-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 8.2, EPSS 0.06451
Exploits: 4, References: 32

OSV
added 2022/06/14 10:15 p.m., 2 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most...

CVSS 7.5, AI score 7.3, EPSS 0.06977
Exploits: 1, References: 4

NVD
added 2022/06/14 10:15 p.m., 31 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most...

CVSS 7.8, EPSS 0.06977
Exploits: 1, References: 4

Prion
added 2022/06/14 10:15 p.m., 35 views

Null pointer dereference

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most...

CVSS 7.8, AI score 7.3, EPSS 0.06977
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2022/06/14 9:40 p.m., 40 views

CVE-2022-32230 SMBv3 FileNormalizedNameInformation NULL Pointer Dereference

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most...

CVSS 7.5, AI score 7.8, EPSS 0.06977
Exploits: 1, References: 4

Microsoft KB
added 2022/06/14 7:0 a.m., 56 views

June 14, 2022—KB5014699 (OS Builds 19042.1766, 19043.1766, and 19044.1766)

June 14, 2022—KB5014699 (OS Builds 19042.1766, 19043.1766, and 19044.1766). EXPIRATION NOTICE. IMPORTANT: As of 9/12/2023, this KB is only available from Windows Update. It is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to...

CVSS 8.8, AI score 8.8, EPSS 0.06343
Exploits: 0

Positive Technologies
added 2022/06/14 12:0 a.m., 3 views

PT-2022-2950 · Spacelogic +1 · Spacelogic C-Bus Application Controller +3

Name of the Vulnerable Software and Affected Versions: C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0; Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0; Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0; Clipsal...

CVSS 10, AI score 9.6, EPSS 0.00781
Exploits: 0, References: 6

Tenable Nessus
added 2022/06/11 12:0 a.m., 50 views

Rockwell Automation Logix Controllers Uncontrolled Resource Consumption (CVE-2022-1797)

The remote OT product is vulnerable as specified in advisory ICSA-22-144-01. - A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the targe...

CVSS 8.6, AI score 8.1, EPSS 0.01919
Exploits: 0, References: 4

BDU FSTEC
added 2022/06/10 12:0 a.m., 2 views

The vulnerability in the firmware of HID Mercury programmable logic controllers lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to cause malfunctions in the system.

The vulnerability in the firmware of HID Mercury programmable logic controllers lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted HT...

CVSS 7.8, AI score 7.4, EPSS 0.0095
Exploits: 0, References: 7, Affected Software: 9

BDU FSTEC
added 2022/06/10 12:0 a.m., 2 views

The vulnerability affects the implementation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol on Cisco IOS XE operating systems, as well as Catalyst access points and Cisco Catalyst 9800 and 9800-CL for Cloud wireless network controllers. This allows a malicious actor to cause service interruptions.

The vulnerability of the CAPWAP protocol implementation in Cisco IOS XE operating systems, as well as in Catalyst access points and Cisco Catalyst 9800 and 9800-CL for Cloud wireless network controllers, is related to an unchecked return value that causes a null pointer to be dereferenced...

CVSS 8.6, AI score 6.5, EPSS 0.01256
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/06/10 12:0 a.m., 3 views

The vulnerability in the firmware of HID Mercury programmable logic controllers arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary shell commands.

The vulnerability of HID Mercury programmable logic controllers exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary shell commands by sending a special...

CVSS 9, AI score 8.2, EPSS 0.01217
Exploits: 0, References: 7, Affected Software: 9

BDU FSTEC
added 2022/06/08 12:0 a.m., 2 views

The vulnerability in the firmware of HID Mercury programmable logic controllers lies in the copying of buffers without checking the size of the input data. This allows an attacker to execute arbitrary code.

The vulnerability in the firmware of HID Mercury programmable logic controllers lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created update file...

CVSS 10, AI score 8.4, EPSS 0.01434
Exploits: 0, References: 7, Affected Software: 9

BDU FSTEC
added 2022/06/07 12:0 a.m., 4 views

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, is related to insufficient validation of input data. This allows attackers to escalate their privileges.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to escalate their privileges through a...

CVSS 7.8, AI score 6.7, EPSS 0.00672
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/06/07 12:0 a.m., 3 views

The vulnerability of Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, arises from an insufficient limit on authentication attempts. This allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor to gain unauthorized...

CVSS 8.6, AI score 7.9, EPSS 0.00928
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/06/07 12:0 a.m., 4 views

The vulnerability of Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, arises from improper resource allocation between different areas. This allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to improper movement of resources between different areas. Exploiting this vulnerability can allow an attacker operating remotely to gain...

CVSS 8.5, AI score 7.5, EPSS 0.00731
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/06/06 5:15 p.m., 3 views

CVE-2022-31482

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

CVSS 7.5, AI score 5.8, EPSS 0.0095
Exploits: 0, References: 1

OSV
added 2022/06/06 5:15 p.m., 3 views

CVE-2022-31485

An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

CVSS 5.3, AI score 5.8, EPSS 0.00756
Exploits: 0, References: 1

OSV
added 2022/06/06 5:15 p.m., 3 views

CVE-2022-31486

An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...

CVSS 8.8, AI score 5.9, EPSS 0.01217
Exploits: 0, References: 1

OSV
added 2022/06/06 5:15 p.m., 4 views

CVE-2022-31481

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP seri...

CVSS 10, AI score 7.9, EPSS 0.01434
Exploits: 0, References: 1

OSV
added 2022/06/06 5:15 p.m., 2 views

CVE-2022-31484

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...

CVSS 7.5, AI score 5.8, EPSS 0.0095
Exploits: 0, References: 1