SUSE CVE-2018-8792

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function csspreadtsrequest that results in a Denial of Service segfault...

ALPINE-CVE-2018-8793

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function csspreadtsrequest that results in a memory corruption and probably even a remote code execution...

CVE-2018-8792

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function csspreadtsrequest that results in a Denial of Service segfault...

ALPINE-CVE-2018-8792

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function csspreadtsrequest that results in a Denial of Service segfault...

7-Technologies IGSS Denial of Service (Update A)

Overview ICS-CERT has become aware of multiple denial-of-service DoS vulnerabilities in the 7-Technologies 7T Interactive Graphical SCADA System IGSS supervisory control and data acquisition SCADA human-machine interface HMI application. All vulnerabilities are remotely exploitable. 7T has...

Invensys Wonderware HMI Reports XSS and Write Access Violation Vulnerabilities

Overview Independent security researchers Billy Rios and Terry McCorkle have identified cross-site scripting XSS and write access violation vulnerabilities in the Invensys Wonderware HMI reports product. ICS-CERT has coordinated these two vulnerabilities with Invensys, which has produced a new...

Microsoft Remote Desktop Protocol Memory Corruption Vulnerability

Overview ICS-CERT is aware of a public report of a Remote Desktop Protocol RDP vulnerability with proof-of-concept PoC exploit code affecting multiple Microsoft Windows operating systems. RDP is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to...

MICROSYS PROMOTIC Vulnerabilities

Overview This advisory is a follow-up to ICS-ALERT-11-286-01 - MICROSYS PROMOTIC Vulnerabilities, released to the ICS-CERT Web page on October 12, 2011. Independent researcher Luigi Auriemma has identified and released three vulnerabilities in MICROSYS, spol. s r.o. PROMOTIC application without...

Cogent DataHub XSS and CRLF

Overview ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems...

Measuresoft ScadaPro DLL Hijack

Overview Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application. Measuresoft has produced an upgrade to address this vulnerability. Mr...

Sielco Sistemi Winlog Buffer Overflow

Overview ICS-CERT originally released Advisory ICSA-11-298-01P on the US-CERT secure portal on October 25, 2011. This web page release was delayed to allow users time to download and install the update. Independent researcher Paul Davis has identified a buffer overflow vulnerability in Sielco...

Rockwell RSLogix Overflow Vulnerability

Overview This updated advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-05A—Rockwell RSLogix Overflow Vulnerability” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team ICS-CERT web page. ICS-CERT is aware of a public report of an...