35 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-37713

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00485
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/11/15 9:51 p.m. | 31 views

Security Bulletin: TSSC/IMC is vulnerable to a bypass security restrictions attack on curl

Summary: TSSC/IMC is vulnerable to a bypass security restrictions attack on curl. A patch has been provided that updates the libssh library. CVE-2023-28322, CVE-2023-38546, CVE-2023-46218. Vulnerability Details: CVEID: CVE-2023-28322. DESCRIPTION: cURL libcurl could allow a remote attacker to bypass...

CVSS: 6.5 | AI score: 7 | EPSS: 0.06208
Exploits: 2 | Affected Software: 1

UbuntuCve
added 2024/07/22 12:0 a.m. | 8 views

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00263
Exploits: 1 | References: 3

NVD
added 2024/07/11 3:15 a.m. | 9 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

CVSS: 6.3 | EPSS: 0.00165
Exploits: 0 | References: 1

Cvelist
added 2024/07/11 2:39 a.m. | 14 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

CVSS: 6.3 | EPSS: 0.00165
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/11 2:39 a.m. | 16 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

CVSS: 6.3 | AI score: 7.5 | EPSS: 0.00165
Exploits: 0 | References: 1

Github Security Blog
added 2024/04/03 2:13 p.m. | 27 views

Voilà Local file inclusion

Impact: Any deployment of voilà dashboard allows local file inclusion; that is, any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00725
Exploits: 0 | References: 8 | Affected Software: 1

Talos
added 2024/04/03 12:0 a.m. | 30 views

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951: Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability. April 3, 2024. CVE Number: CVE-2024-22178. SUMMARY: A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

CVSS: 4.9 | AI score: 5.4 | EPSS: 0.00662
Exploits: 1

Talos
added 2024/01/10 12:0 a.m. | 53 views

WWBN AVideo aVideoEncoderReceiveImage.json.php image upload information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1880: WWBN AVideo aVideoEncoderReceiveImage.json.php image upload information disclosure vulnerability. January 10, 2024. CVE Number: CVE-2023-49864, CVE-2023-49863, CVE-2023-49862. SUMMARY: An information disclosure vulnerability exists in the...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.01072
Exploits: 3

Talos
added 2024/01/10 12:0 a.m. | 18 views

WWBN AVideo image404Raw.php information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1881: WWBN AVideo image404Raw.php information disclosure vulnerability. January 10, 2024. CVE Number: CVE-2023-49738. SUMMARY: An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A special...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01318
Exploits: 1

Talos
added 2024/01/10 12:0 a.m. | 25 views

WWBN AVideo aVideoEncoder.json.php chunkFile path information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1869: WWBN AVideo aVideoEncoder.json.php chunkFile path information disclosure vulnerability. January 10, 2024. CVE Number: CVE-2023-47171. SUMMARY: An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.01072
Exploits: 1

ICS
added 2023/11/30 7:0 a.m. | 24 views

Mitsubishi Electric FA Engineering Software Products

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Mitsubishi Electric; Equipment: FA Engineering Software Products; Vulnerability: External Control of File Name or Path. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a malicious...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00261
Exploits: 0 | References: 10

Talos
added 2023/09/05 12:0 a.m. | 60 views

Open Automation Software OAS Platform OAS Engine configuration file write vulnerability

Talos Vulnerability Report TALOS-2023-1771: Open Automation Software OAS Platform OAS Engine configuration file write vulnerability. September 5, 2023. CVE Number: CVE-2023-32615. SUMMARY: A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.00727
Exploits: 0

ICS
added 2023/01/10 12:0 a.m. | 26 views

Siemens Automation License Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01543
Exploits: 0 | References: 11

Talos
added 2022/08/16 12:0 a.m. | 22 views

WWBN AVideo chunkFile information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1550: WWBN AVideo chunkFile information disclosure vulnerability. August 16, 2022. CVE Number: CVE-2022-28710. SUMMARY: An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.02296
Exploits: 1

Tenable Nessus
added 2022/07/21 12:0 a.m. | 42 views

Schneider Electric Modicon Exposure of Resource to Wrong Sphere (CVE-2022-34765)

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00485
Exploits: 0 | References: 2

Prion
added 2022/07/13 9:15 p.m. | 16 views

Design/Logic Flaw

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVSS: 5 | AI score: 5.3 | EPSS: 0.00485
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/07/13 9:11 p.m. | 14 views

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00485
Exploits: 0 | References: 1

CVE
added 2022/07/13 9:11 p.m. | 61 views

CVE-2022-34765

CVE-2022-34765 is a CWE-73 vulnerability (External Control of File Name or Path) affecting Schneider Electric X80 advanced RTU Communication Module BMENOR2200H (V2.01 and later) and OPC UA Modicon Communication Module BMENUA0100 (V1.10 and prior). The issue arises when user-controlled data can in...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00485
Exploits: 0 | References: 1 | Affected Software: 1

Fortinet
added 2022/05/03 12:0 a.m. | 81 views

FortiClient - Privilege escalation in FortiClient installer

An external control of file name or path vulnerability CWE-73 in FortiClient Windows may allow an unprivileged attacker to delete or execute files with admin rights via the MSI installer...

CVSS: 4.6 | AI score: 4.4 | EPSS: 0.00215
Exploits: 0 | Affected Software: 1