Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...

Automation Direct CLICK PLC CPU Modules

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automation Direct Equipment: CLICK PLC CPU modules Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Transmission of Sensitive Information, Unprotected Storage of...

Delta Electronics CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device, and an out-of-bounds write...

Delta Electronics CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Industrial Automation Equipment: CNCSoft ScreenEditor Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

Siemens Nucleus DNS (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-103-14 Siemens Nucleus...

Mitsubishi Electric MELFA (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

Kubernetes: Code Injection via Insecure Yaml.load

Report Submission Form Summary: The Kubernetes repo and tool, test-infra, uses the insecure yaml.load function to set or update the Gubernator configuration with a yaml file which allows for code injection. Vulnerable Line of Code:...

Mitsubishi Electric MELSEC iQ-R Series (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System CVSS. This is a precise method that describes the vulnerability with attributes such as t...

Mitsubishi Electric Multiple Products (Update G)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple products Vulnerability : Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used...

Low: php72, php73

Issue Overview: The flaw is in pharparsezipfile of ext/phar/zip.c. When processing a PHP archive file phar, if a persistent entry is used as defined in php.ini, then memory pointed to by the actualalias pointer is freed. Directly after the free, the actualalias pointer is passed to...

Mitsubishi Electric Factory Automation Products Path Traversal (Update C)

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation products Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVE-2019-11745

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

Chrome Cookie Extraction

Extract cookies from Chrome using Chrome’s Remote Debugging Protocol Recent assessments: 0xEmma at March 15, 2020 7:03pm UTC reported: Although this can lead to cookie leaks, the typical session cookie expires. And the complexity of this attack requires local access to a system, which, generally...

GE Healthcare Ultrasound products (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : low attack complexity Vendor : GE Healthcare Equipment : Ultrasound Products Vulnerability : Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

Siemens PROFINET-IO Stack (Update H)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2019-19126

A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

ICSA-19-253-03_Siemens Industrial Products (Update P)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION...

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 Answer Summary A vulnerability has been found in the Linux kernel. An attacker could exploit the vulnerability to increase their privileges on the system. Vulnerability Details CVEID: CVE-2016-5195 DESCRIPTION: A race condition was...