2883 matches found
Malicious code in bernie-plugin-controllers (npm)
Source: ghsa-malware 07de356e3393fbed6ef69233ceb23559daf6d36318e11f5355ae0dcbeac5f929 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7938 Malicious code in bernie-plugin-controllers (npm)
Source: ghsa-malware 07de356e3393fbed6ef69233ceb23559daf6d36318e11f5355ae0dcbeac5f929 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A. This vulnerability allows an attacker to modify user projects and/or device configurations.
The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B,...
PT-2024-5335
Name of the Vulnerable Software and Affected Versions Rockwell Automation 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A Description A...
The vulnerability of the SMM callout component in Supermicro BMC controllers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SMM callout component in Supermicro BMC controllers involves the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the nvmet module when destroying controllers, if during qp creation, there may be a small window that...
UBUNTU-CVE-2024-42087
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As...
CVE-2024-42087 drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As...
The vulnerability of microprogrammed software in Modicon Controllers allows a hacker to perform a cross-site scripting attack.
The vulnerability of Microprogrammed Software on Modicon Controllers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform a cross-site scripting attack remotely...
New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the...
The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, Compact GuardLogix 5380, and 1756-EN4TR lies in insufficient validation of input data. This allows a malicious actor to trigger malfunctions during maintenance operations.
The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, Compact GuardLogix 5380, and 1756-EN4TR is related to insufficient validation of input data. Exploiting this vulnerability can allow an...
Schneider Electric Modicon Controllers Improper Neutralization of Input During Web Page Generation (CVE-2024-6528)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the...
Virtual Desktop Agent Registration with Controllers in XenDesktop
Virtual Desktop Agent Registration with Controllers in XenDesktop. Event ID: 1022 Event ID: 1001 For successful installation, re-install Virtual Desktop 5.5. After the installation is successful, the following message is displayed: “Unable to initialize new components. The machine will register a...
CVE-2024-40927
In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset...
PT-2024-19805 · Unknown · Controller 6000 +1
Name of the Vulnerable Software and Affected Versions: Controller 6000 and Controller 7000 versions 8.60 and prior Controller 6000 and Controller 7000 versions 8.70 prior to vCR8.70.240520a Controller 6000 and Controller 7000 versions 8.80 prior to vCR8.80.240520a Controller 6000 and Controller...
PT-2024-5156 · Schneider Electric · Modicon Controllers
Name of the Vulnerable Software and Affected Versions: Modicon Controllers affected versions not specified Description: A cross-site scripting condition exists due to improper neutralization of input during web page generation. This could allow an attacker to have a victim's browser run arbitrary...
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...
CVE-2024-24791 vulnerabilities
Vulnerabilities for packages: vt-cli, crossplane-provider-azure, kube-bench, php-fpmexporter, haproxy-ingress, kwok, cadvisor, addon-resizer, kargo, litestream, terragrunt, scorecard, nri-prometheus, kube-rbac-proxy, velero-plugin-for-csi, atlantis, mods, pulumi, ghaudit, prometheus-pushgateway,...
Johnson Controls Kantech Door Controllers
1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...