SUSE-SU-2022:2806-1 Security update for open-iscsi

This update for open-iscsi fixes the following issues: Fixed various vulnerabilities in the embedded TCP/IP stack bsc1179908: - CVE-2020-13987: Fixed an out of bounds memory access when calculating the checksums for IP packets. - CVE-2020-13988: Fixed an integer overflow when parsing TCP MSS...

ROS-20220413-01

Vulnerability in drivers/usb/gadget/composite.c driver of Linux kernel is related to an operation exceeding the memory buffer boundaries. operation outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the implementatio...

CVE-2022-25622

The PROFINET PNIO stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by...

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious...

Treck TCP/IP stack Out-of-Bounds Read Vulnerability

The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability...

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service DoS, and information leak...

CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems

CISA has released an Industrial Control Systems ICS advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems RTOS and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...

Siemens Nucleus RTOS TCP/IP Stack

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Net, Nucleus ReadyStart, Capital VSTAR Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of...

Juniper Junos OS Vulnerability (JSA11226)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11226 advisory. - A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a...

Vulnerability of the Siemens LOGO! CMR family and SIMATIC RTU 3000 family security feature issues

The LOGO! CMR family is a communication system for monitoring and controlling distributed devices and systems via text messages or e-mail.Siemens SIMATIC RTU3000C is a compact RTU from Siemens, Germany is a low-power remote terminal unit RTU for energy self-sufficiency. A vulnerability in the...

Information disclosure

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

CVE-2021-37186

Summary of CVE-2021-37186 : Siemens LOGO! CMR2020/CMR2040 and SIMATIC RTU3000 family implement an insufficiently random Initial Sequence Number (ISN) generator in their TCP/IP stack. This can allow an adjacent attacker with LAN access to interfere with traffic, spoof connections, and potentially ...

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! CMR, SIMATIC RTU 3000 Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR...

CVE-2021-0284

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service DoS. By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...

CVE-2021-0284

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service DoS. By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...

Buffer overflow

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service DoS. By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...

CVE-2021-0284 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore)

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service DoS. By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...

Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59227)

HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche. The vulnerability stems from the TCP/IP stack parsing HTTP POST request code and can be exploited by an attacker to cause a cache heap overflow...

Unspecified Vulnerability in Siemens Interniche IP Stack Low Voltage Devices

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology OT devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical...