55 matches found
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2022-43750)
drivers/usb/mon/monbin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 8090...
Siemens SCALANCE W700 Externally Controlled Reference to a Resource in Another Sphere (CVE-2023-0045)
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next schedul...
Siemens SCALANCE W700 Uncontrolled Resource Consumption (CVE-2024-23814)
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re- assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service...
Siemens SCALANCE W700 Double Free (CVE-2023-26545)
In the Linux kernel before 6.1.13, there is a double free in net/mpls/afmpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
Siemens SIMATIC and SCALANCE Devices Uncontrolled Resource Consumption (CVE-2023-1206)
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6...
Siemens SCALANCE W700 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-33016)
memory corruption when an invalid firehose patch command is invoked. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid502913; scriptversion"1.3";...
Siemens SIMATIC and SCALANCE Devices Type Confusion (CVE-2023-23454)
cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results. This plugin only works wi...
Siemens SCALANCE W700 Double Free (CVE-2022-40304)
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE W700 NULL Pointer Dereference (CVE-2023-43522)
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid502871;...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2023-45863)
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fillkobjpath out-of-bounds write. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIMATIC and SCALANCE Devices Race Condition (CVE-2022-39188)
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition unmapmappingrange versus munmap, a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VMPFNMAP VMAs. This plugin only works with...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2023-3611)
An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. Thi...
Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-4921)
A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the incorrect .peek handler of...
Siemens SIMATIC and SCALANCE Devices NULL Pointer Dereference (CVE-2023-42754)
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...
Siemens SIMATIC and SCALANCE Devices Divide By Zero (CVE-2023-31085)
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in dodivsz,mtd-erasesize, used indirectly by ctrlcdevioctl, when mtd-erasesize is 0. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SCALANCE W700 Out-of-bounds Write (CVE-2022-47069)
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Read (CVE-2023-39192)
A flaw was found in the Netfilter subsystem in the Linux kernel. The xtu32 module did not validate the fields in the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of- bounds read by setting the size fields with a value beyond the array boundaries, leading to a...
Siemens SCALANCE W700 Use After Free (CVE-2023-1670)
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA PC- card Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE Devices Out-of-bounds Write (CVE-2023-6129)
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...