Lucene search
K

58 matches found

Vulnrichment
Vulnrichment
added 2023/08/30 5:32 p.m.14 views

CVE-2023-36811 Archive spoofing vulnerability in borgbackup

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

4.7CVSS6.6AI score0.00106EPSS
Exploits0References6
OSV
OSV
added 2023/08/30 5:32 p.m.13 views

CVE-2023-36811 Archive spoofing vulnerability in borgbackup

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

4.7CVSS4.8AI score0.00106EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/08/30 5:32 p.m.44 views

CVE-2023-36811 Archive spoofing vulnerability in borgbackup

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

4.7CVSS5AI score0.00106EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/08/30 5:32 p.m.10 views

CVE-2023-36811

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

4.7CVSS4.6AI score0.00106EPSS
Exploits0
FreeBSD
FreeBSD
added 2023/06/13 12:0 a.m.15 views

Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss.

Thomas Waldmann reports: A flaw in the cryptographic authentication scheme in Borg allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to insert files with no additional headers into backups gain writ...

4.7CVSS7.1AI score0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/26 10:15 p.m.11 views

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

9.8CVSS7.6AI score0.00767EPSS
Exploits0References3
OSV
OSV
added 2022/07/26 10:15 p.m.2 views

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

9.8CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2022/07/26 10:15 p.m.14 views

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

9.8CVSS0.00767EPSS
Exploits0References2
OSV
OSV
added 2022/07/26 10:15 p.m.5 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

9.8CVSS7.9AI score0.00858EPSS
Exploits0References2
NVD
NVD
added 2022/07/26 10:15 p.m.15 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

9.8CVSS0.00858EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/26 10:15 p.m.5 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

9.8CVSS8AI score0.00858EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/26 10:15 p.m.1 views

CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

9.8CVSS7.5AI score0.00488EPSS
Exploits0References3
Prion
Prion
added 2022/07/26 10:15 p.m.20 views

Memory corruption

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

7.5CVSS9.7AI score0.00488EPSS
Exploits0References2
Prion
Prion
added 2022/07/26 10:15 p.m.17 views

Authentication flaw

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

7.5CVSS9.9AI score0.00767EPSS
Exploits0References2Affected Software6
Prion
Prion
added 2022/07/26 10:15 p.m.20 views

Design/Logic Flaw

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

7.5CVSS9.8AI score0.00858EPSS
Exploits0References2Affected Software25
Cvelist
Cvelist
added 2022/07/26 9:28 p.m.20 views

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

10AI score0.00767EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 9:28 p.m.87 views

CVE-2022-31207

The CVE-2022-31207 issue affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs (through 2022-05-18). The root cause is lack of cryptographic authentication for the FINS (9600/TCP) engineering protocol, allowing an attacker to manipulate downloaded object code that the PLC runs either in ASIC...

9.8CVSS9.9AI score0.00767EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 9:28 p.m.21 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

10AI score0.00858EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 9:28 p.m.93 views

CVE-2022-31206

CVE-2022-31206 affects Omron SYSMAC Nx product family PLCs (NJ/NY/NX/PMAC) prior to 2022-05-18. The issue is that the transferred PLC logic is not cryptographically authenticated, allowing an attacker to modify transmitted object code and execute arbitrary machine code on the PLC CPU module withi...

9.8CVSS9.7AI score0.00858EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-3093 · Omron · Omron Sysmac Cx

Name of the Vulnerable Software and Affected Versions: Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 Description: The issue is related to a lack of cryptographic authentication in the Omron FINS 9600/TCP protocol used for engineering purposes, includin...

9.8CVSS9.6AI score0.00767EPSS
Exploits0References8
Rows per page
Query Builder