32 matches found
Exploit for Use of Less Trusted Source in Meshtastic Meshtastic_Firmware
Stopping Meshtastic from-field spoof attacks — shape-detecti...
PT-2026-6599
Name of the Vulnerable Software and Affected Versions Moxa Arm-based industrial computers running Moxa Industrial Linux Secure affected versions not specified Description Moxa Arm-based industrial computers running Moxa Industrial Linux Secure utilize a device-unique bootloader password provided ...
Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...
EUVD-2022-52224
Malicious code in bioql PyPI...
EUVD-2022-52222
Malicious code in bioql PyPI...
CVE-2025-34209
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-34209
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-34209 Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
Is secure boot on the main application processor enough?
TL;DR Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. Sub-systems often lack secure boot capabilities, limiting protection for non-critical processors. Focus on secure boot for the main processor; it can provide adequate security...
Microsoft Is Adding New Cryptography Algorithms
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsofts details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum...
Emerson Ovation Insufficient Verification of Data Authenticity (CVE-2022-30267)
The affected product was found to have no authentication of firmware signing and relies on an insecure checksum for integrity. This could allow an attacker to push malicious firmware images, cause a denial-of-service condition, or achieve remote code execution. This plugin only works with...
Emerson Ovation
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Emerson Equipment : Ovation Vulnerabilities : Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...
CVE-2023-30559
The firmware update package for the wireless card is not properly signed and can be modified...
PT-2023-22786 · Unknown · Wireless Card Firmware
Name of the Vulnerable Software and Affected Versions: Wireless card firmware affected versions not specified Description: The issue concerns the firmware update package for the wireless card, which is not properly signed and can be modified. Additionally, the configuration from the PCU can be...
PT-2022-25018 · Samsung · Samsung Mtower
Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue is related to a missing check on the return value of EC KEY set private key in the sign pFwInfo function, leading to a denial of service. Recommendations: For Samsung mTower...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
Design/Logic Flaw
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30272
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...