CVE-2022-38980

CVE-2022-38980 describes a heap overflow in the Huawei HarmonyOS HwAirlink module when processing data packets of its proprietary protocol. The vulnerability could allow an attacker to obtain process control permissions, as indicated by the provided descriptions. The available connected documents...

CVE-2022-38980

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...

CVE-2022-38980

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...

PT-2022-24636 · Hwairlink · Hwairlink

Name of the Vulnerable Software and Affected Versions: HwAirlink module affected versions not specified Description: The issue is related to a heap overflow vulnerability in the HwAirlink module when processing data packets of a proprietary protocol. This vulnerability may allow attackers to obta...

Huawei HarmonyOS HwAirlink Module Buffer Overflow Vulnerability

Huawei HarmonyOS is an operating system from Huawei China Inc. Huawei HarmonyOS version 2.0, 2.1 is vulnerable to a buffer overflow vulnerability that stems from a boundary error in the handling of untrusted input by the HwAirlink module. An attacker could exploit the vulnerability to gain proces...

Hitachi Energy AFS660/AFS665

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS660/AFS665 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overflow an internal buffer...

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...

Hitachi Energy MSM Product

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Product Vulnerability: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web...

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an internal buffer overflow, which can...

Siemens SIMATIC eaSie Input Validation Error Vulnerability

SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an input validation error that could be exploited by remote attackers to trigger a denial of service on the affected system...

Siemens SIMATIC eaSie Authentication Error Vulnerability

SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an authentication error that could be exploited by a remote, unauthenticated attacker to send arbitrary messages to the service,...

Jenkins Plugin xUnit 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Plugin xUnit 3.0.8 and earlier versions, which can be exploited by an attacker...

Siemens SIMATIC WinCC Kiosk Mode Incorrect Initialization Vulnerability

SIMATIC PCS 7 is a process control system.SIMATIC WinCC is an automated data acquisition and monitoring SCADA system.SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment. A security vulnerability exists in Siemens SIMATIC WinC...

YottaDB has an unspecified vulnerability (CNVD-2022-31932)

YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in YottaDB r1.32 and earlier versions, which can be exploited to gain control of the execution process by manipulating the value of the function pointer used by opwrite in srport/opwrite.c using carefully crafted...

CVE-2020-8107

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions pri...

CVE-2020-8107 Process Control vulnerability in Bitdefender Antivirus Plus

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions pri...

PT-2022-4092 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...

ABB Relion 650 and 670 Series Improper Input Validation (CVE-2019-18247)

An attacker may use a specially crafted message to force Relion 650 series versions 1.3.0.5 and prior or Relion 670 series versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior to reboot, which could cause a denial of service. This plugin only works with Tenable.ot. Please visit...

SIMATIC eaSie PCS 7 Skill Package (6DL5424- 0BX00-0AV8) Arbitrary File Download Vulnerability

SIMATIC eaSie is the digital assistant automation concept for Siemens Automation and Process Control Technology, "Totally Integrated Automation". SIMATIC eaSie PCS 7 Skill Package 6DL5424- 0BX00-0AV8 arbitrary file download vulnerability can be exploited by an attacker to read arbitrary files...

Hitachi Energy XMC20 and FOX61x

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 and FOX61x Vulnerabilities: Weak Password Requirements, Missing Handler 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...