Lucene search
K

85 matches found

Cvelist
Cvelist
added 2024/10/08 8:40 a.m.27 views

CVE-2024-47553

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate user input to the ssmctl-client command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the...

9.9CVSS0.0083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.4 views

PT-2024-8130 · Siemens · Siemens Sinec Security Monitor

Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor versions prior to V4.9.0 Description: A vulnerability has been identified where the affected application does not properly validate that user input complies with a list of allowed values. This could allow an...

5.3CVSS7.1AI score0.00373EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.8 views

Siemens SINEC Security Monitor 参数注入漏洞

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. Siemens SINEC Security Monitor suffers from a parameter injection vulnerability that stems from a failure to properly...

9.9CVSS8.1AI score0.0083EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.7 views

Siemens SINEC Security Monitor 安全漏洞

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. A Permitted Input Permit List vulnerability exists in Siemens SINEC Security Monitor, which arises from failure to proper...

5.3CVSS6.8AI score0.00373EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.7 views

Siemens SINEC Security Monitor 安全漏洞

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. Siemens SINEC Security Monitor suffers from a command injection vulnerability that originates from a failure to properly...

9.3CVSS7.5AI score0.00269EPSS
Exploits0References2
ICS
ICS
added 2024/10/08 12:0 a.m.34 views

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS8.2AI score0.0083EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/08/10 12:0 a.m.5 views

PT-2024-7415 · Siemens · Siemens Sinec Security Monitor

Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor versions prior to V4.9.0 Description: The issue is related to the incorrect processing of user input data in the ssmctl-client command, which could allow a remote attacker to execute arbitrary code with root...

9.9CVSS8.3AI score0.0083EPSS
Exploits0References11
Talos Blog
Talos Blog
added 2021/11/10 12:55 a.m.23 views

Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

By Claudio Bozzato and Lilith --;. Following our previous engagements see blog posts 1, 2, 3 and 4 with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. Today, we’re... This is only...

6.9AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.19 views

Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability

Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...

7AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.31 views

Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability

Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...

6.7CVSS6.2AI score0.00547EPSS
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.21 views

Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...

4.4CVSS4.1AI score0.00728EPSS
Exploits0
Talos
Talos
added 2021/09/14 12:0 a.m.25 views

Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1309 Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability September 14, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallPeripheralAcquire...

7.7AI score
Exploits0
Talos
Talos
added 2021/08/10 12:0 a.m.24 views

Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1310 Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability August 10, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallWriteBlockToStageImage...

6.4AI score
Exploits0
Talos
Talos
added 2021/08/10 12:0 a.m.93 views

Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability

Talos Vulnerability Report TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTIONABIDepends denial of service vulnerability August 10, 2021 CVE Number None SUMMARY A denial of service vulnerability exists in the Security Monitor SECTIONABIDepends functionality of Microsoft Azure Sphere...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/05/08 12:0 a.m.20 views

The vulnerability of the security-monitor function in the Secure Boot protocol (part of the UEFI specification) is related to an error in the display of ssh for the root user. This vulnerability allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.

The vulnerability of the security-monitor function in the Secure Boot protocol a part of the UEFI specification is related to an error in the display of ssh for the root user, when this protocol is not enabled for the user. Exploiting this vulnerability can allow a remote attacker to access...

5.1CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.10 views

The vulnerability of the fly-admin-security-monitor component in the FLY operating system environment of the Astra Linux platform allows a perpetrator to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.

The vulnerability of the fly-admin-security-monitor component in the FLY operating environment of the Astra Linux system is related to the absence of blocking mechanisms for system commands, as well as the absence of a configuration status for the closed-programming-environment security system...

6CVSS5.5AI score
Exploits0References1
NVD
NVD
added 2019/07/17 5:15 p.m.29 views

CVE-2019-12175

In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...

7.5CVSS7.4AI score0.01411EPSS
Exploits0References1
OSV
OSV
added 2019/07/17 5:15 p.m.22 views

CVE-2019-12175

In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...

7.5CVSS6.6AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/07/17 5:15 p.m.33 views

CVE-2019-12175

In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...

7.5CVSS7.1AI score0.01411EPSS
Exploits0References1
Prion
Prion
added 2019/07/17 5:15 p.m.20 views

Null pointer dereference

In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...

5CVSS7.4AI score0.01411EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder