22 matches found
EUVD-2022-34889
Malicious code in bioql PyPI...
EUVD-2022-34888
Malicious code in bioql PyPI...
EUVD-2022-34887
Malicious code in bioql PyPI...
CVE-2022-2640
The CVE-2022-2640 issue affects Horner Automation RCC 972 firmware 15.40, where configuration files are encrypted with weak XOR encryption vulnerable to reverse engineering. This can allow an attacker to obtain credentials to run services such as FTP and HTTP. Supported details from multiple sour...
CVE-2022-2642
In Horner Automation RCC 972, firmware 15.40 contains global variables that could allow an attacker to read sensitive values and variable keys from the device. The issue is documented under CVE-2022-2642 and is supported by ICSA-22-335-02, which lists the affected product/version and recommends u...
CVE-2022-2640
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...
CVE-2022-2642
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
CVE-2022-2642
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2641
CVE-2022-2641 affects Horner Automation RCC 972 firmware 15.40, due to a static encryption key on the device. This enables remote changes, potential remote code execution, or DoS. Mitigation: update to RCC 972 firmware 15.60 or later; apply network isolation and standard ICS defenses per CISA ICS...
CVE-2022-2642
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
CVE-2022-2642
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2640
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...
CVE-2022-2640
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...
Race condition
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
Design/Logic Flaw
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users ...
PT-2022-17832 · Horner Automation · Rcc 972
Name of the Vulnerable Software and Affected Versions: Horner Automation’s RCC 972 firmware version 15.40 Description: The issue concerns the presence of global variables in the firmware, which could allow an attacker to read out sensitive values and variable keys from the device. Recommendations...