176 matches found
Connected IO Parameter Injection Vulnerability
Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the AT command in the...
CVE-2023-33377
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices...
CVE-2023-33375
Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices...
CVE-2023-33376
CVE-2023-33376 affects Connected IO ER2000 edge routers (v2.1.0 and prior). Root cause: argument injection in the iptables command message within the device’s communication protocol. Impact: attackers can remotely execute arbitrary OS commands on affected devices. CVSSv3.1 base score 9.8 (CRITICA...
CVE-2023-33375
CVE-2023-33375 affects Connected IO ER2000 edge routers (v2.1.0 and earlier). The vulnerability is a stack-based buffer overflow in the device’s communication protocol that enables an attacker to take control of the device. Documented impact is high (CVE score 9.8; Confidentiality/Integrity/Avail...
Security Bulletin: A vulnerability has been identified in IBM Storage Scale System which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol (CVE-2020-4927)
Summary A security vulnerability has been identified in all levels of IBM Storage Scale System which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol . This vulnerability only affects Storage Scale clusters that host file systems. Clusters...
The vulnerability of .NET components in the communication protocol library for connecting components of ASU TP Triangle MicroWorks DNP3 Source Code Library, a control platform for managing public distribution and transmission networks of Schneider Electric Saitel DR RTU, allows a intruder to cause a service failure.
The vulnerability of .NET components in the communication protocol library used for connecting components of ASU systems like Triangle MicroWorks DNP3 Source Code Library in Schneider Electric Saitel DR RTU control platforms lies in the fact that the operation results are stored outside of the...
Velociraptor Version 0.6.8 Available Now
A New Client-Server Communication Protocol, VFS GUI, and More Performance Upgrades Make This The Fastest and Most Scalable Velociraptor Yet Rapid7 is excited to announce the release of version 0.6.8 of Velociraptor—an advanced, open-source digital forensics and incident response DFIR tool that...
CVE-2020-4927
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
CVE-2020-4927
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
Code injection
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
CVE-2020-4927 IBM Spectrum Scale information disclosure
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol (CVE-2020-4927)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol . This vulnerability only affects Spectrum Scale clusters that host file systems. Clusters that...
CVE-2022-3929 Communication between the client and server partially using CORBA over TCP/IP
Communication between the client and the server application of the affected products is partially done using CORBA Common Object Request Broker Architecture over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects FOXMAN-UN product: FOXMAN-UN R15B,...
CVE-2022-3929
CVE-2022-3929 affects Hitachi Energy products FOXMAN-UN and UNEM (R9C–R15B). The issue arises from client–server communication partially using CORBA over TCP/IP, which is not encrypted and can allow tracing of internal messages. Public advisories indicate remediation is to upgrade to newer releas...
CVE-2022-32537
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced...
Design/Logic Flaw
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Vulnerability
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents. ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag ...
CVE-2022-32537
The CVE-2022-32537 vulnerability affects Medtronic NGP 600 Series insulin pumps (MiniMed 620G/630G/640G/670G and linked components). Root cause: a protection mechanism failure (CWE-693) that could enable an unauthorized user nearby to learn aspects of the communication protocol during pairing bet...
Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA
The US FDA Food and Drug Administration has warned users of Medtronic's MiniMed 600 Series Insulin Pump System--specifically, models for MiniMed 630G and MiniMed 670G--that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain...