4 matches found
CVE-2020-28368
A flaw was found in Xen where access to power/energy monitoring interfaces was not properly restricted to privileged software. This flaw allows an unprivileged guest administrator to create covert channels and infer the operations or data used by other contexts within the system, such as AES keys...
CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...
CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...
Powerlogic / Schneider Electric IONXXXX CSRF / Missing Access Controls
Powerlogic/Schneider Electric IONXXXX series Smart Meters - Multiple security issues Impacted devices: ION7300 and potentially all IONXXXX models based off of Powerlogic For example, Power Measurement Ltd. Meter ION 7330V283 ETH ETH7330V274...