CVE-2022-2502

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must ...

PT-2023-4235 · Hitachi Energy · Rtu500 Series

Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series product affected versions not specified Description: The issue is related to a buffer overflow in the stack of the HCI interface, which functions according to the IEC 60870-5-104 standard. This can be exploited by...

Security Bulletin: IBM QRadar Network Security is affected by Information Exposure PenTest vulnerabilities.(ase id:462657, ase id:462667)

Summary IBM QRadar Network Security has addressed the following PenTest vulnerabilities. 1. X-Powered-By header reveals Servlet/3.0 is in use. 2. Stack trace visible through help docs. Vulnerability Details CVEID: CVE-2020-4159 DESCRIPTION: IBM QRadar Network Security discloses sensitive...

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openldap. (CVE-2020-25709, CVE-2020-25710)

Summary IBM QRadar Network Security has addressed vulnerabilities in openldap. The issue could lead to Denial of service. Vulnerability Details CVEID: CVE-2020-25709 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in certificateListValidate function in...

Security Bulletin: IBM QRadar Network Security is affected by vulnerability in rpm. (CVE-2021-20271)

Summary IBM QRadar Network Security has addressed vulnerability in rpm library. the issue could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to execute arbitrary code on the system, caus...

Security Bulletin: IBM Security SiteProtector System is affected by GSKit vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in GSKit. Vulnerability Details CVEID: CVE-2018-1428 DESCRIPTION: IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Scor...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a...

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634)

Summary IBM QRadar Network Security has addressed vulnerabilities in bash. Vulnerability Details CVEID: CVE-2016-9401 DESCRIPTION: GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a speciall...

Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-8325)

Summary A security vulnerability has been discovered in OpenSSH, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-8325 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in the dosetupenv function...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)

Summary There are multiple vulnerabilities in IBM HTTP Server IHS that is used by IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89...

Security Bulletin: Vulnerability in OpenSSL affects IBM Security SiteProtector System (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Security SiteProtector System uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an erro...