85 matches found
CVE-2024-47553
A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate user input to the ssmctl-client command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the...
PT-2024-8130 · Siemens · Siemens Sinec Security Monitor
Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor versions prior to V4.9.0 Description: A vulnerability has been identified where the affected application does not properly validate that user input complies with a list of allowed values. This could allow an...
Siemens SINEC Security Monitor 参数注入漏洞
SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. Siemens SINEC Security Monitor suffers from a parameter injection vulnerability that stems from a failure to properly...
Siemens SINEC Security Monitor 安全漏洞
SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. A Permitted Input Permit List vulnerability exists in Siemens SINEC Security Monitor, which arises from failure to proper...
Siemens SINEC Security Monitor 安全漏洞
SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. Siemens SINEC Security Monitor suffers from a command injection vulnerability that originates from a failure to properly...
Siemens SINEC Security Monitor
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
PT-2024-7415 · Siemens · Siemens Sinec Security Monitor
Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor versions prior to V4.9.0 Description: The issue is related to the incorrect processing of user input data in the ssmctl-client command, which could allow a remote attacker to execute arbitrary code with root...
Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
By Claudio Bozzato and Lilith --;. Following our previous engagements see blog posts 1, 2, 3 and 4 with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. Today, we’re... This is only...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability
Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1309 Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability September 14, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallPeripheralAcquire...
Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1310 Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability August 10, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallWriteBlockToStageImage...
Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability
Talos Vulnerability Report TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTIONABIDepends denial of service vulnerability August 10, 2021 CVE Number None SUMMARY A denial of service vulnerability exists in the Security Monitor SECTIONABIDepends functionality of Microsoft Azure Sphere...
The vulnerability of the security-monitor function in the Secure Boot protocol (part of the UEFI specification) is related to an error in the display of ssh for the root user. This vulnerability allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the security-monitor function in the Secure Boot protocol a part of the UEFI specification is related to an error in the display of ssh for the root user, when this protocol is not enabled for the user. Exploiting this vulnerability can allow a remote attacker to access...
The vulnerability of the fly-admin-security-monitor component in the FLY operating system environment of the Astra Linux platform allows a perpetrator to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.
The vulnerability of the fly-admin-security-monitor component in the FLY operating environment of the Astra Linux system is related to the absence of blocking mechanisms for system commands, as well as the absence of a configuration status for the closed-programming-environment security system...
CVE-2019-12175
In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...
CVE-2019-12175
In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...
CVE-2019-12175
In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...
Null pointer dereference
In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...