CVE-2018-5446

CVE-2018-5446 affects Medtronic CareLink programmers (2090 CareLink Programmer and 29901 Encore Programmer). The flaw arises from passwords stored in a recoverable format, enabling credential exposure when physical access is present. ICS-CERT advisory and subsequent updates document a CVSS v3 bas...

CVE-2018-5448 Medtronic 2090 Carelink Programmer Relative Path Traversal

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system...

Buffer overflow

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

CVE-2018-7527

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

CVE-2018-7527

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

CVE-2018-7527

Summary: CVE-2018-7527 is a stack-based buffer overflow in Wecon LeviStudioU/PI Studio components that can be triggered by opening a specially crafted file. Concrete details across connected advisories show multiple vulnerable entry points, including LeviStudio HMI Editor (Version 1.10, part of L...

Denial of Service Vulnerability in MXProgrammer Software

MXProgrammer software is a windows desktop software of Weihai Mack Electric Technology Co., Ltd. which is used to communicate with its MX series PLC products and complete the functions of program writing and downloading. A denial of service vulnerability exists in the MXProgrammer software. When...

CVE-2018-7514

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-8834

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-8834

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-7530

The CVE-2018-7530 issue is a Type Confusion in Omron CX-One and its integrated apps (e.g., CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility) triggered by parsing malformed project files. This can cause the pointer to call an incorrect object, leading to an...

CVE-2018-7514

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

Medtronic 2090 Carelink Programmer Information Disclosure Vulnerability

The Medtronic 2090 Carelink Programmer is used by trained personnel in hospitals and clinics to program and manage Medtronic cardiac devices. An information disclosure vulnerability exists in the Medtronic 2090 Carelink Programmer, where user names and passwords used by the affected product are...

Medtronic 2090 Carelink Programmer Directory Traversal Vulnerability

The Medtronic 2090 Carelink Programmer is used by trained personnel in hospitals and clinics to program and manage Medtronic cardiac devices. The software deployment network for the affected product contains a directory traversal vulnerability that could allow an attacker to read files on the...

Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: 2090 CareLink Programmer, 29901 Encore Programmer Vulnerabilities: Storing Passwords in a Recoverable Format, Relative Path Traversal, Improper Restriction of Communication Channel to Intended Endpoints 2. UPDATE INFORMATION This...

The vulnerability of the CX-Programmer and micro-programming software of PLC Omron CJ2M and Omron CJ2H lies in the reversibility of the password encoding method. This allows attackers to obtain access passwords to the controllers.

The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, as well as Omron microcontrollers like CJ2M and CJ2H, is related to the reversibility of the password encoding method. Exploiting thi...

Z/OS (MVS) Command Shell, Bind TCP

Provide JCL which creates a bind shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...

[SECURITY] Fedora 25 Update: log4j12-1.2.17-19.fc25

Log4j is a tool to help the programmer output log statements to a variety of output targets...

[SECURITY] Fedora 25 Update: log4j-2.5-5.fc25

Log4j is a tool to help the programmer output log statements to a variety of output targets...

Raptor Web Application Firewall

Raptor Web Application Firewall Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path...