2877 matches found

CNVD
added 2021/09/07 12:0 a.m., 117 views

Aruba Networks ArubaOS Operating System Command Injection Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability stems from multiple vulnerabilities identified in Aruba products. The vulnerabilities could be exploited by an...

4 AI score
Exploits 0, References 1

CNVD
added 2021/09/07 12:0 a.m., 21 views

Aruba Operating System Command Injection Vulnerability (CNVD-2021-77607)

Aruba Operating System is the operating system for Aruba Controller-managed wireless LANs and Aruba Mobility Controllers from Aruba Networks, Inc. A command injection vulnerability exists in the Aruba Operating System that can be exploited by an attacker to trigger remote command execution via th...

9 CVSS, 7.2 AI score, 0.02957 EPSS
Exploits 0, References 1

CNVD
added 2021/09/07 12:0 a.m., 26 views

Aruba Networks ArubaOS Command Injection Vulnerability (CNVD-2021-71260)

Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a command injection vulnerability. The vulnerability is caused by incorrect validation of certain NTFS metadata by the...

9 CVSS, 3.7 AI score, 0.02957 EPSS
Exploits 0, References 1

CNVD
added 2021/09/07 12:0 a.m., 22 views

Aruba Networks ArubaOS Operating System Command Injection Vulnerability (CNVD-2021-71258)

Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobile Access Switches from Aruba Networks, is vulnerable to a command injection vulnerability. A remote arbitrary command execution vulnerability has been identified in Aruba SD-WAN...

9 CVSS, 3.6 AI score, 0.02957 EPSS
Exploits 0, References 1

CNVD
added 2021/09/07 12:0 a.m., 21 views

Aruba Networks ArubaOS Operating System Command Injection Vulnerability (CNVD-2021-71261)

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. injection vulnerability, which is caused by incorrect validation of certain NTFS metadata by the application, which could lead to a...

9 CVSS, 3 AI score, 0.02957 EPSS
Exploits 0, References 1

CNVD
added 2021/09/03 12:0 a.m., 24 views

Aruba Operating System Command Injection Vulnerability

Aruba Networks Aruba Operating System, the operating system for Aruba controller-managed wireless LANs and Aruba mobile controllers from Aruba Networks, is vulnerable to a command injection vulnerability. The vulnerability is caused by a failure to properly filter special characters, commands, et...

9 CVSS, 5.4 AI score, 0.02957 EPSS
Exploits 0, References 1

NVD
added 2021/09/02 5:15 p.m., 15 views

CVE-2021-22792

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU par...

7.5 CVSS, 0.00899 EPSS
Exploits 0, References 2

BDU FSTEC
added 2021/09/02 12:0 a.m., 2 views

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium lies in insufficient testing for unusual or exceptional states. This allows an intruder to trigger malfunctions during maintenance.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium lies in insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker operati...

7.8 CVSS, 7.2 AI score, 0.01382 EPSS
Exploits 0, References 2, Affected Software 2

BDU FSTEC
added 2021/09/02 12:0 a.m., 2 views

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for a critical function, allowing attackers to execute arbitrary commands.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for critical functions. Exploiting this vulnerability allows an attacker operating remotely to...

8.5 CVSS, 8 AI score, 0.02144 EPSS
Exploits 0, References 2

CNNVD
added 2021/09/01 12:0 a.m., 2 views

Moxa Multiple Products Cross-Site Scripting Vulnerability

The Moxa WAC-1001 is a series of railroad wireless controllers from Moxa in China. Moxa suffers from a cross-site scripting vulnerability that stems from a security flaw that is present in many Moxa devices...

6.1 CVSS, 6.8 AI score, 0.00907 EPSS
Exploits 3, References 4

CNNVD
added 2021/09/01 12:0 a.m., 7 views

Aruba Networks Aruba Operating System Command Injection Vulnerability

Aruba Networks Aruba Operating System, the operating system for Aruba controller-managed wireless LANs and Aruba mobile controllers from Aruba Networks, is vulnerable to a command injection vulnerability. The vulnerability is caused by a failure to properly filter special characters, commands, et...

9 CVSS, 6 AI score, 0.02957 EPSS
Exploits 0, References 6

CNNVD
added 2021/09/01 12:0 a.m., 3 views

Aruba Operating System Cross-Site Request Forgery Vulnerability

Aruba Operating System is the operating system for Aruba controller-managed wireless LANs and Aruba mobile controllers from Aruba Networks, Inc. user interface to perform file deletion operations...

8.8 CVSS, 5.6 AI score, 0.00386 EPSS
Exploits 0, References 5

RedHat Linux
added 2021/08/31 7:48 p.m., 0 views

kernel: race condition for removal of the HCI controller

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

7 CVSS, 6.7 AI score, 0.00697 EPSS
Exploits 1, References 4

RedHat Linux
added 2021/08/31 9:18 a.m., 0 views

kernel: race condition for removal of the HCI controller

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

7 CVSS, 6.7 AI score, 0.00697 EPSS
Exploits 1, References 4

BDU FSTEC
added 2021/08/31 12:0 a.m., 2 views

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, stems from insufficiently secure data encryption. This allows attackers to obtain the encryption key.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to obtain the encryption key remotely...

7.8 CVSS, 7.1 AI score, 0.0029 EPSS
Exploits 0, References 2

ICS
added 2021/08/31 12:0 a.m., 84 views

FANUC Robot Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: R-30iA and R-30iB series controllers Vulnerabilities: Integer Coercion Error, Out-of-bounds Write 2. UPDATE INFORMATION This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC...

8.8 CVSS, 8.6 AI score, 0.01183 EPSS
Exploits 0, References 5

BDU FSTEC
added 2021/08/30 12:0 a.m., 1 views

The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.

The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...

7.1 CVSS, 7.5 AI score, 0.0124 EPSS
Exploits 0, References 2

BDU FSTEC
added 2021/08/27 12:0 a.m., 2 views

The vulnerability of the communication interface for Smartlink modular equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers, related to the use of insufficiently random values, allows intruders to gain increased privileges.

The vulnerability of the communication interface for Smartlink module equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to exploit the system...

7.1 CVSS, 7.8 AI score, 0.01415 EPSS
Exploits 0, References 3, Affected Software 6

BDU FSTEC
added 2021/08/26 12:0 a.m., 3 views

The vulnerability of microprogrammed software for Modicon M218, M218, M241, M251, and M258 logic controllers lies in insufficient data authenticity checking, allowing attackers to execute arbitrary code.

The vulnerability of microprogrammed software in Modicon M218, M218, M241, M251, and M258 logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary codes...

5.4 CVSS, 8.1 AI score, 0.00675 EPSS
Exploits 0, References 2, Affected Software 4

The Hacker News
added 2021/08/25 1:0 p.m., 19 views

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and st...

1.1 AI score
Exploits 0