CVE-2023-1514

Hitachi Energy RTU500 Scripting Interface has a TLS trust-management flaw: if a client does not validate certificate parameters, an attacker could forge the identity of an RTU500 device and intercept messages via the scripting interface. Affected component: RTU500 Scripting interface (Hitachi Ene...

CVE-2023-1514

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA, allowing the client to validate th...

Hitachi Energy RTU500 信任管理问题漏洞

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used for industrial control systems.RTU500 Scripting interface is part of Hitachi Energy RTU500 series of industrial control components, mainly used to provide scripting programming interface to realize specific...

PT-2023-7965 · Unknown · Rtu500 Scripting Interface

Name of the Vulnerable Software and Affected Versions: RTU500 Scripting interface affected versions not specified Description: A vulnerability exists in the RTU500 Scripting interface component. When a client connects to a server using TLS, the server presents a certificate that links a public ke...

Important: kernel-livepatch-6.1.55-75.123

Issue Overview: x86: KVM: SVM: always update the x2avic msr interception CVE-2023-5090 A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same...

Siemens SINEC INS Certificate Validation Improperity Vulnerability

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from a Certificate Validation Improperity...

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

Design/Logic Flaw

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

CVE-2023-48427

Siemens SINEC INS (all versions

Siemens SINEC INS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINEC INS 信任管理问题漏洞

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from a Certificate Validation Improperity...

CVE-2023-50454

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...

Mageia: Security Advisory (MGASA-2023-0331)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated kernel-linus packages fix security vulnerabilities

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. "Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure user...

Rockwell Automation Stratix Cisco IOS and IOS XE Software DNS Forwarder Denial of Service (CVE-2016-6380)

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. The vulnerability is due to a fla...

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...