Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk

By Waqas Tel Aviv-based firm OTORIO's cybersecurity research team identified and reported these vulnerabilities. This is a post from HackRead.com Read the original post: Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk...

CVE-2023-21406 Heap-based buffer overflow in Axis A1001 Network Door Controller's OSDP communication

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP...

CVE-2023-21406

The CVE-2023-21406 issue affects Axis A1001 door controllers when using OSDP. A heap-based buffer overflow in the pacsiod process handling OSDP communication allows writing outside the allocated heap buffer by appending invalid data to an OSDP message, potentially enabling arbitrary code executio...

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...