145 matches found
Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018
Summary An attacker with access to the host could send malformed commands to the TPM which would result in a TPM DoS. A complete power cycle of the system is required to recover. Vulnerability Details CVEID:CVE-2023-1017 DESCRIPTION: Trusted Computing Group Trusted Platform Module could allow a...
Security Bulletin: This Power System update is being released to address CVE-2024-31916
Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details CVEID:CVE-2024-31916 DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...
Security Bulletin: This Power System update is being released to address CVE-2023-48795
Summary This affects the BMC's secure shell SSH interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection security...
Security Bulletin: This Power System update is being released to address CVE-2023-45857
Summary This affects the BMC's ASMi web application. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value in al...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: This Power System update is being released to address CVE 2020-10735
Summary BMC firmware version OP910 uses Python to help serve HTTPS requests but Python is not used to process the request body, so this access vector is not vulnerable the Python long integer vulnerability. A BMC administrator who uses Python from the BMC's command line is subject to this...
Security Bulletin: This Power System update is being released to address CVE-2021-3505
Summary A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...
Security Bulletin: This Power System update is being released to address CVE-2023-46183
Summary A vulnerability was identifed where sensitive partition data controlled by PowerVM may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-46183 DESCRIPTION: IBM PowerVM Hypervisor could allow a system administrator to obtain sensitive partition information. CVSS...
Security Bulletin: This Power System update is being released to address CVE-2023-33851
Summary A vulnerability was identifed where sensitive partition data may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-33851 DESCRIPTION: IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator. CVSS Base score: 5.3 CVSS Temporal Scor...
IBM PowerSC 加密问题漏洞
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decry...
Security Bulletin: This Power System update is being released to address CVE-2022-4304 CVE-2022-4450 CVE-2023-0215, and CVE-2023-0286
Summary The OpenSSL library is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, and CVE-2023-0286, b...
Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder 路径遍历漏洞
Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder is a software tool for power system monitoring and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder that...
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...
ZEROgrid: A Dependable, Cost-Effective, Low-Emission Power System
...
Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018
Summary TCG Trusted Platform Module code is used by PowerVM to support virtual TPM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2023-1017 and CVE-2023-1018, by upgrading PowerVM and thus addressing the exposure to the TCG TPM vulnerability. Vulnerability Details...
Security Bulletin: This Power System update is being released to address CVE 2023-30440
Summary A vulnerability was identified internally by IBM related to SRIOV virtual function support in PowerVM. An attacker with privileged user access to a logical partition that has an assigned SRIOV virtual function VF may be able to create a Denial of Service of the VF assigned to other logica...
Altenergy Power System Control Software 数据伪造问题漏洞
Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in Altenergy Power System Control Software version C1.2.5, which was discovered to contain a Remote Code Execution RCE vulnerability via component...
Altenergy Power System Control Software 操作系统命令注入漏洞
Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in AlAltenergy Power System Control Software version C1.2.5, which originates from an operating system command injection vulnerability...