40 matches found
CVE-2024-52564
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or...
JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...
Multiple vulnerabilities in NEC Aterm series
Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...
JVN#82074338: Multiple vulnerabilities in NEC Aterm series
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...
CVE-2024-2103
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5...
CVE-2024-2103 Inclusion of Undocumented Features
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5...
CVE-2024-2103
CVE-2024-2103 covers an “inclusion of undocumented features” vulnerability affecting SEL relays: SEL-700BT, SEL-700G, SEL-710-5, SEL-751, SEL-787-2/ -3/ -4, and SEL-787Z. The issue arises when an attacker with privileged access can trigger undocumented features, causing the relay to behave unpred...
CVE-2024-2103 Inclusion of Undocumented Features
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5...
Schweitzer Engineering Laboratories SEL 700 series relays
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL 700 series relays Vulnerability : Inclusion of Undocumented Features 2. RISK EVALUATION Successful exploitation of this vulnerability...
PT-2024-18825 · Schweitzer Engineering Laboratories · Sel-751 +5
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-700BT Motor Bus Transfer Relay affected versions not specified Schweitzer Engineering Laboratories SEL-700G Generator Protection Relay affected versions not specified Schweitzer Engineering Laboratories...
PYSEC-2023-79
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...
PT-2023-23572 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue concerns internal calls with default arguments in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, these calls are compiled incorrectly,...
Advisory ROSA-SA-2021-1954
Software: postfix 2.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-10140 CVE-Crit: HIGH CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2. x and later related to reading...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. in a more intuitive way. A cross-site scripting vulnerability exists in OX App Suite version 7.10.4 and prior versions th...
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Hidden Features
Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit
Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
Ladder logic
The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the...
Multiple SAP Internet Graphics Service security vulnerabilities
File removal, insecure undocumented features, buffer overflow, crossite scripting...
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features
The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-SecurityPre-AdvisorySAPIGSUndocumentedFeatures.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP Internet Graphics Service IGS Undocumented Features ================== Vulnerability...