1944 matches found
CVE-2024-45823 FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during...
Rockwell Automation FactoryTalk Batch View
1. EXECUTIVE SUMMARY: CVSS v4 9.2. ATTENTION: Exploitable remotely. Vendor: Rockwell Automation. Equipment: FactoryTalk Batch View. Vulnerability: Improper Authentication. 2. RISK EVALUATION: Successful exploitation of this vulnerability could result in an attacker bypassing authentication...
K000141047: Multiple Node.js vulnerabilities
Security Advisory Description CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API...
PT-2024-6220 · Rockwell Automation · Factorytalk Batch View
Name of the Vulnerable Software and Affected Versions: FactoryTalk Batch View (affected versions not specified). Description: The issue is related to an authentication bypass vulnerability. This vulnerability exists due to shared secrets across accounts, which could allow a threat actor to impersona...
Rockwell Automation FactoryTalk Batch View Security Vulnerability
Rockwell Automation FactoryTalk Batch View is a batch view application from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation FactoryTalk Batch View that stems from the inclusion of an authentication bypass vulnerability...
CVE-2024-35783
A vulnerability has been identified in SIMATIC BATCH V9.1 All versions, SIMATIC Information Server 2020 All versions V2020 SP2 Update 5, SIMATIC Information Server 2022 All versions V2022 SP1 Update 2, SIMATIC PCS 7 V9.1 All versions V9.1 SP2 UC06, SIMATIC Process Historian 2020 All versions V202...
CVE-2024-35783
CVE-2024-35783 affects Siemens SIMATIC SCADA/PCS7 family (e.g., SIMATIC BATCH, Information Server, PCS 7, Process Historian, WinCC variants). The root cause is privilege-management errors allowing the database server to run with elevated privileges, enabling an authenticated attacker to execute a...
BIT-NODE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
SUSE CVE-2024-44945
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs. Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END...
Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
ALPINE-CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
UBUNTU-CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
CVE-2024-36138
CVE-2024-36138 is a chain-vulnerability tied to Node.js: it bypasses the incomplete fix for CVE-2024-27980, exploiting improper handling of batch files on Windows via child_process.spawn/spawnSync. This can allow a malicious command line argument to inject commands and achieve code execution even...
Node.js Security Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 22.x, 20.x, and 18.x that stems from improper handling of batch files with all possible extensions, which can lead to arbitrary command injection as well as code execution...
SUSE CVE-2024-43402
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
Vulnerability in the `std::process::Command` function of the `File Extension` component of the Rust programming language for the Windows operating system, allowing a malicious actor to execute arbitrary code.
The vulnerability in the `std::process::Command` function of the `File Extension` component of the Rust programming language for the Windows operating system is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary code by...
SUSE CVE-2024-44991
In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch. It's possible that two threads call tcp_sk_exit_batch concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns. In the latter case, error...