Linux Distros Unpatched Vulnerability : CVE-2023-4154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only...
A vulnerability in the web server of the firmware for SIMATIC S7-1200 programmable logic controllers allows attackers to perform spoofing attacks.
The vulnerability in the web server of the firmware for SIMATIC S7-1200 programmable logic controllers is related to errors in authenticating certificates. Exploiting this vulnerability allows an attacker to perform spoofing attacks remotely...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum...
USN-7289-2 linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...
A vulnerability in the implementation of the Factory Interface Network Service (FINS) protocol in the microcomputer-based software for SYSMAC programmable logic controllers allows an intruder to gain unauthorized access to protected information and execute arbitrary commands.
The vulnerability of the Factory Interface Network Service (FINS) protocol implemented in SYSMAC programmable logic controllers is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to sensitive informati...
The vulnerability of Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapters and Broadcom NetXtreme-E family Ethernet controllers is related to a stack buffer overflow. This allows attackers to trigger a service failure.
The vulnerability of Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapters and Broadcom NetXtreme-E family Ethernet controllers is related to a stack buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs, allowing attackers to gain access to protected information.
The vulnerability of the Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs. Exploiting this vulnerability can allow attackers to gain access to protected information...
ABB Cylon FLXeon 9.3.4 Default Credentials Vulnerability
ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...
ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability
ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...
ABB Cylon FLXeon 9.3.4 cert.js System Logs Information Disclosure Vulnerability
ABB Cylon FLXeon version 9.3.4 has an issue where an authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for furth...
ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack
ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. #!/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...
ABB Cylon FLXeon 9.3.4 Default Credentials
ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...
ABB Cylon FLXeon 9.3.4 Session Persistence
ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...
ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration
Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fixed a warning related to GPIO controllers that need to sleep. The ilitek-ili9881c uses the non-sleeping gpiod_set_value function to control the reset GPIO. This issue occurs when the GPIO controller...
ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...
PT-2025-6314 · Microsoft · Digest Authentication +1
Name of the Vulnerable Software and Affected Versions: Microsoft Digest Authentication (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary code and affect the system. It is noted that any authenticated attacker could trigger this issue on domain...
The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...
The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers lies in information disclosure through log files. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers relates to the disclosure of information through log files. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access t...
The vulnerability of the ABB ASPECT-Enterprise system for managing technological processes, as well as the firmware used for controllers of the ABB MATRIX and NEXUS series, stems from the use of hard-coded credentials. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the ABB ASPECT-Enterprise system for managing technological processes, as well as the firmware used for controllers of the ABB MATRIX and NEXUS series, stems from the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to...