27 matches found
EUVD-2015-0951
Malware in sbrugna...
EUVD-2018-2684
Malware in sbrugna...
EUVD-2004-1703
Malware in sbrugna...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
Siemens LOGO! 8 BM Use of Hard-Coded Cryptographic Key (CVE-2020-25233)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. This plugin only works with Tenable.ot. Please visit...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1209)
The encryption functionality in the Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via...
Mitsubishi Electric FA Products Authentication Bypass By Capture-Replay (CVE-2022-25159)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. This plugin only works with...
Design/Logic Flaw
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...
Command injection
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any...
Design/Logic Flaw
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...
CVE-2019-19101 Incomplete communication encryption and validation in B&R Automation Studio upgrade service
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...
Code injection
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials...
CVE-2018-10612
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials...
CVE-2018-10612
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials...
CVE-2018-10612
CVE-2018-10612 affects 3S-Smart Software Solutions GmbH CODESYS Control V3 products containing CmpSecureChannel or CmpUserMgr prior to version 3.5.14.0. Root cause: user access management and online communication encryption are not enabled by default, creating Improper Access Control and allowing...
Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020
All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 20-year-old and TLS 1.1 12-year-old communication encryption protocols. Developed initially as Secure Sockets Layer...
JVN#37288228: +Message App fails to verify SSL server certificates
+Message App fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the developer. Products Affected SoftBank...
Design/Logic Flaw
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted...