55 matches found
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
Siemens SIMATIC and SCALANCE Devices NULL Pointer Dereference (CVE-2023-42754)
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...
Siemens SIMATIC and SCALANCE Devices Divide By Zero (CVE-2023-31085)
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in dodivsz,mtd-erasesize, used indirectly by ctrlcdevioctl, when mtd-erasesize is 0. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Read (CVE-2023-39192)
A flaw was found in the Netfilter subsystem in the Linux kernel. The xtu32 module did not validate the fields in the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of- bounds read by setting the size fields with a value beyond the array boundaries, leading to a...
Siemens SCALANCE W700 Out-of-bounds Write (CVE-2022-47069)
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...
Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-4921)
A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the incorrect .peek handler of...
Siemens SCALANCE W700 Double Free (CVE-2023-26545)
In the Linux kernel before 6.1.13, there is a double free in net/mpls/afmpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
Siemens SIMATIC and SCALANCE Devices Uncontrolled Resource Consumption (CVE-2023-1206)
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2023-3611)
An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. Thi...
Siemens SCALANCE W700 Integer Overflow or Wraparound (CVE-2023-45853)
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE W700 Out-of-bounds Write (CVE-2023-1073)
A memory corruption flaw was found in the Linux kernel's human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC and SCALANCE Devices Missing Critical Step in Authentication (CVE-2023-51384)
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys. This plugin...
Siemens SCALANCE W700 Missing Release of Memory after Effective Lifetime (CVE-2023-1074)
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. This plugin only...
Siemens SIMATIC and SCALANCE Devices NULL Pointer Dereference (CVE-2022-47929)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service system crash via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdiscgraft in...
Siemens SCALANCE W700 Double Free (CVE-2023-29469)
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
Siemens SIMATIC and SCALANCE Devices Type Confusion (CVE-2023-23454)
cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results. This plugin only works wi...
Siemens SIMATIC and SCALANCE Devices Improper Restriction of Communication Channel to Intended Endpoints (CVE-2022-2663)
An issue was found in the Linux kernel in nfconntrackirc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nfconntrackirc configured. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE W700 Use After Free (CVE-2023-1118)
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visi...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Double Free (CVE-2022-2588)
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. This...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2024-9143)
Use of the low-level GF2m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the...