728 matches found

OSV
added 2021/09/14 11:15 a.m. · 4 views

CVE-2021-33716

A vulnerability has been identified in SIMATIC CP 1543-1 incl. SIPLUS variants (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext...

6.5 CVSS · 6.5 AI score · 0.00245 EPSS
Exploits 0 · References 1

Cvelist
added 2021/09/14 10:47 a.m. · 24 views

CVE-2021-33716

A vulnerability has been identified in SIMATIC CP 1543-1 incl. SIPLUS variants (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext...

6.3 AI score · 0.00245 EPSS
Exploits 0 · References 1

CVE
added 2021/09/14 10:47 a.m. · 68 views

CVE-2021-33716

The CVE-2021-33716 issue affects Siemens SIMATIC CP 1543-1 (incl. SIPLUS variants) and CP 1545-1. Affected versions: CP 1543-1 before v3.0 and CP 1545-1 before v1.1. Root cause: cleartext storage of sensitive information that can be retrieved by an attacker with subnet access. Impact: exposure of...

6.5 CVSS · 6 AI score · 0.00245 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/09/14 12:0 a.m. · 5 views

PT-2021-20292 · Siemens · Simatic Cp 1545-1 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1543-1 incl. SIPLUS variants versions prior to V3.0 SIMATIC CP 1545-1 versions prior to V1.1 Description: A vulnerability has been identified that allows an attacker with access to the subnet of the affected device to retrieve...

6.5 CVSS · 6.2 AI score · 0.00245 EPSS
Exploits 0 · References 3

ICS
added 2021/09/14 12:0 a.m. · 56 views

Siemens SIMATIC CP (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 1543-1 incl. SIPLUS variants and SIMATIC CP 1545-1 Vulnerability: Cleartext Storage of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to...

6.5 CVSS · 6.7 AI score · 0.00245 EPSS
Exploits 0 · References 11

OpenVAS
added 2021/09/06 12:0 a.m. · 18 views

ISC BIND Winsock API Vulnerability (CVE-2013-6230) - Windows

ISC BIND is prone to a vulnerability in the Winsock API.

6.8 CVSS · 6.5 AI score · 0.05706 EPSS
Exploits 0 · References 1

CNNVD
added 2021/08/30 12:0 a.m. · 2 views

BenQ EH600 Security Vulnerability

The BenQ EH600 is an Android-based business smart projector from China's BenQ. A security vulnerability exists in the BenQ EH600 that stems from the BenQ smart wireless conference projector's management interface not properly controlling user privileges. An attacker can access any system director...

8.8 CVSS · 8.3 AI score · 0.00583 EPSS
Exploits 0 · References 2

seebug.org
added 2021/07/21 12:0 a.m. · 264 views

Dell OpenManage Enterprise Docker Instance Pre-Auth RCE and Authentication Bypass Vulnerability (CVE-2021-21596)

Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances. There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis; get a shell on the postgres container, as postgres; get a full access to the postgres database; bypass authentication on the w...

0.0075 EPSS
Exploits 1

Tenable Nessus
added 2021/07/02 12:0 a.m. · 45 views

EulerOS Virtualization for ARM 64 3.0.2.0 : dhcp (EulerOS-SA-2021-2077)

According to the versions of the dhcp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own...

7.5 CVSS · 7.7 AI score · 0.06118 EPSS
Exploits 1 · References 3

Kitploit
added 2021/06/28 9:30 p.m. · 249 views

AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...

7.3 AI score
Exploits 0 · References 6

AlmaLinux
added 2021/06/09 9:19 a.m. · 23 views

Important: dhcp security update

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

3.3 CVSS · 0.9 AI score · 0.06118 EPSS
Exploits 1 · References 1

OpenVAS
added 2021/06/09 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2018:3965-1)

The remote host is missing an update for the...

9.3 CVSS · 8.2 AI score · 0.01342 EPSS
Exploits 0 · References 2

RedhatCVE
added 2021/05/26 1:13 p.m. · 76 views

CVE-2020-26560

An impersonation attack vulnerability was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a flaw that allows an attacker without knowledge of the AuthValue to spoof a provisioned device and use crafted responses that appear to possess the...

8.1 CVSS · 2 AI score · 0.00855 EPSS
Exploits 0 · References 3

OSV
added 2021/04/13 7:15 p.m. · 3 views

CVE-2021-21482

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges...

8.3 CVSS · 7.3 AI score · 0.00422 EPSS
Exploits 0 · References 2

Cvelist
added 2021/04/13 6:39 p.m. · 14 views

CVE-2021-21482

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges...

8.3 CVSS · 8.1 AI score · 0.00422 EPSS
Exploits 0 · References 2

VulnCheck KEV
added 2021/04/02 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2019-5591

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...

6.5 CVSS · 7.1 AI score · 0.18566 EPSS
Exploits 1 · References 1

CNNVD
added 2021/02/24 12:0 a.m. · 6 views

Cisco Application Policy Infrastructure Controller and Cisco Nexus 9000 Series Fabric Switches Security Vulnerabilities

The Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series Fabric Switches are both products of Cisco Corporation. The Cisco Application Policy Infrastructure Controller is an automated infrastructure deployment and governance solution,...

7.4 CVSS · 6.6 AI score · 0.00373 EPSS
Exploits 0 · References 5

Akamai Blog
added 2020/12/17 2:0 p.m. · 40 views

Smart DNS for the New Network: Optimizing Content Delivery

This is the third in a series of blog posts that will discuss how smart DNS resolvers can enhance ongoing internet service provider (ISP) and mobile network operator (MNO) network transformation efforts, such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize...

7.2 AI score
Exploits 0

BDU FSTEC
added 2020/10/22 12:0 a.m. · 3 views

The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of protection for service data. This allows attackers to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and server configuration settings.

The vulnerability of Moxa EDR-810 microcontroller-based software lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and...

7.8 CVSS · 5.4 AI score
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2020/10/07 12:0 a.m. · 3 views

The vulnerability of the JunOS operating system, related to the use of the subnet 128.0.0.0/2 for internal communication between RE and PFE, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the JunOS operating system lies in the use of the subnet 128.0.0.0/2 for internal communication between the RE and PFE. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.3 CVSS · 5.9 AI score · 0.01264 EPSS
Exploits 0 · References 4 · Affected Software 1