
2106 matches found

Positive Technologies
added 2024/01/03 12:0 a.m. · 3 views

PT-2024-2702 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0012 Tecnomatix Plant Simulation versions prior to V2302.0006 Description: A stack overflow vulnerability has been identified in the affected applications while parsing specially crafted WRL...

CVSS 7.8 · AI score 7.9 · EPSS 0.00089
Exploits 0 · References 7

Positive Technologies
added 2024/01/03 12:0 a.m. · 2 views

PT-2024-2695 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0012 Tecnomatix Plant Simulation versions prior to V2302.0006 Description: A vulnerability has been identified in the affected applications, which contain an out of bounds read past the end ...

CVSS 7.8 · AI score 7.8 · EPSS 0.00095
Exploits 0 · References 6

BDU FSTEC
added 2023/12/27 12:0 a.m. · 1 view

A vulnerability in the DOE-file analysis component of the Arena Simulation software for simulation and automation of discrete events allows an attacker to execute arbitrary code.

The vulnerability of the DOE-file analysis component of the Arena Simulation software for modeling and automating discrete events involves the ability to read beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 10 · EPSS 0.00689
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2023/12/22 12:0 a.m. · 60 views

CentOS 7 : open-vm-tools (RHSA-2023:7279)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7279 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

CVSS 7.5 · AI score 6.5 · EPSS 0.00078
Exploits 0 · References 3

Zero Day Initiative
added 2023/12/21 12:0 a.m. · 21 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 · AI score 7.2 · EPSS 0.00689
Exploits 0 · References 1

Zero Day Initiative
added 2023/12/21 12:0 a.m. · 18 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 · AI score 7.2 · EPSS 0.00689
Exploits 0 · References 1

Prion
added 2023/11/30 5:15 a.m. · 22 views

Input validation

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the...

CVSS 1 · AI score 6.9 · EPSS 0.00044
Exploits 0 · References 3

Prion
added 2023/11/30 5:15 a.m. · 20 views

Input validation

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the...

CVSS 1 · AI score 6.9 · EPSS 0.00044
Exploits 0 · References 3

CVE
added 2023/11/21 3:46 a.m. · 50 views

CVE-2023-5275

The CVE-2023-5275 entry describes an Improper Input Validation vulnerability in Mitsubishi Electric GX Works2’s simulation function that can cause a DoS when processing specially crafted packets. Affected product: GX Works2 (all versions). Root cause: input validation flaw (CWE-20) in the simulat...

CVSS 4.7 · AI score 4.7 · EPSS 0.00044
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/11/21 3:46 a.m. · 12 views

CVE-2023-5275

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the...

CVSS 2.5 · AI score 5 · EPSS 0.00044
Exploits 0 · References 3

Cvelist
added 2023/11/21 3:46 a.m. · 18 views

CVE-2023-5274

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the...

CVSS 2.5 · AI score 5 · EPSS 0.00044
Exploits 0 · References 3

Positive Technologies
added 2023/11/21 12:0 a.m. · 3 views

PT-2023-31995 · Mitsubishi · Gx Works2

Name of the Vulnerable Software and Affected Versions: GX Works2 affected versions not specified Description: The issue is related to an Improper Input Validation vulnerability in the simulation function of GX Works2, which allows an attacker to cause a denial-of-service (DoS) condition by sending...

CVSS 4.7 · AI score 4.4 · EPSS 0.00044
Exploits 0 · References 5

wpexploit
added 2023/11/21 12:0 a.m. · 160 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...

CVSS 8.8 · AI score 9.7 · EPSS 0.00748
Exploits 2

RedHat Linux
added 2023/11/15 9:26 p.m. · 3 views

open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

CVSS 7.4 · AI score 5.7 · EPSS 0.00078
Exploits 0 · References 4

RedHat Linux
added 2023/11/15 9:25 p.m. · 2 views

open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

CVSS 7.4 · AI score 5.7 · EPSS 0.00078
Exploits 0 · References 4

RedHat Linux
added 2023/11/15 9:25 p.m. · 2 views

open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

CVSS 7.4 · AI score 5.7 · EPSS 0.00078
Exploits 0 · References 4

RedHat Linux
added 2023/11/15 8:35 p.m. · 3 views

open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

CVSS 7.4 · AI score 5.7 · EPSS 0.00078
Exploits 0 · References 4

Tenable Nessus
added 2023/11/15 12:0 a.m. · 35 views

RHEL 8 : open-vm-tools (RHSA-2023:7261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7261 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

CVSS 7.5 · AI score 6.7 · EPSS 0.00078
Exploits 0 · References 6

Zero Day Initiative
added 2023/11/14 12:0 a.m. · 18 views

Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 7.8 · AI score 6.6 · EPSS 0.00048
Exploits 0 · References 1

Zero Day Initiative
added 2023/11/14 12:0 a.m. · 17 views

Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 7.8 · AI score 6.6 · EPSS 0.00101
Exploits 0 · References 1