143 matches found
CVE-2022-0878
Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...
Design/Logic Flaw
Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...
CVE-2022-0878 Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...
CVE-2022-0878
The CVE-2022-0878 issue describes a denial-of-service style disruption in CCS-based DC fast charging communications, where an attacker can use electromagnetic interference to wirelessly interrupt the high-bandwidth IP link over HomePlug Green PHY (HPGP) PLC. Exploitation can be performed from a d...
Combined Charging System 访问控制错误漏洞
Combined Charging System CCS is a combined charging system. The Combined Charging System CCS for DC suffers from a security vulnerability where an attack could use electromagnetic interference to wirelessly interrupt the necessary control communications between the vehicle and the charger from a...
CVE-2022-26131 ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals...
Trailer Power Line Communications (PLC) J2497
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: Power Line Communications PLC: J2497 a.k.a. PLC4TRUCKS Vulnerabilities: Missing Authentication for Critical Function, Improper Protection against Electromagnetic Fault Injection 2. RISK EVALUATION...
Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations
Cybersecurity researchers have proposed a novel approach that harnesses electromagnetic field emanations from the Internet of Things IoT devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation...
Amazon Linux AMI : nspr, nss-softokn, nss-util (ALAS-2021-1522)
The version of nspr installed on the remote host is prior to 4.25.0-2.45. The version of nss-softokn installed on the remote host is prior to 3.53.1-6.46. The version of nss-util installed on the remote host is prior to 3.53.1-1.58. It is, therefore, affected by multiple vulnerabilities as...
Advisory ROSA-SA-2021-1870
Software: libgcrypt 1.5.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-5270 CVE-Crit: CRITICAL CVE-DESC: Libgcrypt before 1.5.4, used in GnuPG and other products, incorrectly performs ciphertext normalization and ciphertext randomization, making it easier for physically proximate attackers to conduct key...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1931)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1952)
According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...
EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1931)
According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...
EulerOS Virtualization 2.9.0 : nss (EulerOS-SA-2021-1744)
According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed...
EulerOS Virtualization 2.9.1 : nss (EulerOS-SA-2021-1717)
According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1717)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.6.0 : nss-softokn (EulerOS-SA-2021-1536)
According to the versions of the nss-softokn packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could...
Cloning Google Titan 2FA keys
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication 2FA device can clone it...
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication 2FA device can clone it...