CVE-2022-26080 Easily guessable session ID's in NE843 Pulsar Plus Controller

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G4612 – comcode 150047415...

CVE-2022-26080

CVE-2022-26080: Insufficiently random session IDs in ABB Pulsar Plus Controller NE843_S and Infinity DC Power Plant. Affected: Pulsar Plus System Controller NE843_S (comcode 150042936) and Infinity DC Power Plant (comcodes 150047415). Root cause: session IDs too short/incrementing and visible in ...

Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme

A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking t...

PT-2023-2102 · Abb · Abb Infinity Dc Power Plant +1

Name of the Vulnerable Software and Affected Versions: ABB Pulsar Plus System Controller NE843 S ABB Infinity DC Power Plant H5692448 G104 ABB Infinity DC Power Plant H5692448 G842 ABB Infinity DC Power Plant H5692448 G224L ABB Infinity DC Power Plant H5692448 G630-4 ABB Infinity DC Power Plant...

Pulsar Plus System Controller 安全特征问题漏洞

Pulsar Plus System Controller is a Pulsar Plus series controller. A security vulnerability exists in the ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant, which stems from the presence of an Insufficient Use of Random Values vulnerability. The following products and versions...

CVE-2022-1607

Cross-Site Request Forgery CSRF vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G46...

CVE-2022-1607

Cross-Site Request Forgery CSRF vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G46...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G46...

CVE-2022-1607 Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller

Cross-Site Request Forgery CSRF vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G46...

CVE-2022-1607 Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller

Cross-Site Request Forgery CSRF vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G46...

CVE-2022-1607

ABB Pulsar Plus System Controller NE843_S and ABB Infinity DC Power Plant (H5692448 variants) are affected by CSRF (CVE-2022-1607). The issue arises from vulnerable web interfaces allowing unauthorized state-changing actions via forged requests. Affected versions include NE843_S comcode 150042936...

PT-2023-3375 · Abb · Abb Infinity Dc Power Plant +1

Name of the Vulnerable Software and Affected Versions: ABB Pulsar Plus System Controller NE843 S version comcode 150042936 ABB Infinity DC Power Plant versions H5692448 G104, H5692448 G842, H5692448 G224L, H5692448 G630-4, H5692448 G451C2, H5692448 G4612 – comcode 150047415 Description: The issue...

Pulsar Plus System Controller 跨站请求伪造漏洞

The Pulsar Plus System Controller is the Pulsar Plus family of controllers. A security vulnerability exists in ABB Pulsar Plus System Controller version NE843S, which originates from ABB Infinity DC Power Plant allowing cross-site request forgery, affecting the following products and versions:...

Norway Seizes $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers

Norwegian police agency Økokrim has announced the seizure of 60 million NOK about $5.84 million worth of cryptocurrency stolen by the Lazarus Group in March 2022 following the Axie Infinity Ronin Bridge hack. "This case shows that we also have a great capacity to follow the money on the blockchai...

SUSE CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...

SUSE CVE-2017-14245

An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values...

SUSE CVE-2017-14246

An out of bounds read in the function d2ulawarray in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values...

SUSE CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...

SUSE CVE-2021-29510

Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either 'infinity', 'inf' or float'inf' or their negatives to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Pydantic has been patched with fixes...

SUSE-SU-2022:3598-1 Security update for exiv2

This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure bsc1189333. - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read bsc1189332. - CVE-2021-37619: Fixed out-of-bounds read in...