CVE-2022-31807
A vulnerability has been identified in Building X - Security Manager Edge Controller ACC-AP All versions. Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a...
CVE-2024-39352
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before...
EUVD-2021-9422
Malicious code in bioql PyPI...
EUVD-2021-8124
Malicious code in bioql PyPI...
EUVD-2024-37915
Malicious code in bioql PyPI...
EUVD-2022-29029
Malicious code in bioql PyPI...
EUVD-2023-57923
Malicious code in bioql PyPI...
Siemens SiPass
Summary: SiPass integrated ACC Advanced Central Controller devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...
CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6...
CVE-2021-20709
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by...
CVE-2024-47573
An improper validation of integrity check value vulnerability (CWE-354) in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted...
CVE-2025-1058
CVE-2025-1058 affects Schneider Electric ASCO 5310 and ASCO 5350 Remote Annunciator products. The issue is CWE-494: downloading code without integrity checks, which could render the device inoperable if malicious firmware is downloaded. Additional disclosures (CWE-770, CWE-319, CWE-434) appear in...
CVE-2024-39352
Synology CVE-2024-39352 concerns an incorrect authorization flaw in the Synology Camera Firmware upgrade functionality. Affected models are BC500 and TC500 with firmware versions before 1.0.7-0298. The issue allows remote authenticated users with administrator privileges to bypass the firmware in...
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...
Unspecified Vulnerability in Schneider Electric Easergy T300 (CNVD-2021-21473)
The Schneider Electric Easergy T300 is a remote terminal unit for the power industry from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier, which stems from the program not checking the integrity of the code when ...