Lucene search

9 matches found

CVE
added 2025/08/14 1:52 p.m. | 13 views

CVE-2025-7773

The CVE-2025-7773 entry relates to Rockwell Automation ArmorBlock 5000 I/O – Web Server, specifically the 5032 16pt Digital Configurable module. The root cause is a predictable session identifier: the web server’s session number increments at an interval correlated to the last two consecutive sig...

CVSS 8.8 | AI score 7.2 | EPSS 0.00089
Exploits: 0 | References: 1

ICS
added 2025/08/14 6:0 a.m. | 4 views

Rockwell Automation ArmorBlock 5000 I/O - Webserver

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

AI score 7.2
Exploits: 0 | References: 10

BDU FSTEC
added 2023/05/22 12:0 a.m. | 2 views

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...

CVSS 5.3 | EPSS 0.00422
Exploits: 0 | References: 7 | Affected Software: 5

OSV
added 2021/08/04 2:15 p.m. | 1 views

CVE-2021-26098

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

CVSS 7.5 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 1

CNNVD
added 2021/08/03 12:0 a.m. | 2 views

Fortinet FortiSandbox Security Features Issue Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, and a real-time control panel and reporting. A security signature issue vulnerability exists in the Fortinet FortiSandbox R...

CVSS 7.5 | AI score 7.4 | EPSS 0.00306
Exploits: 0 | References: 4

OSV
added 2020/03/27 1:15 p.m. | 1 views

DEBIAN-CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

CVSS 8.1 | AI score 6.1 | EPSS 0.00464
Exploits: 0 | References: 1

OSV
added 2019/05/14 4:1 a.m. | 0 views

GHSA-54MG-VGRP-MWX9 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...

CVSS 3.7 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 4

Exploit DB
added 2009/03/23 12:0 a.m. | 75 views

Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities

Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal CMC-TC PU II Web management Devices: CMC-TC PU II D...

AI score 7.4
Exploits: 0

exploitpack
added 2009/03/23 12:0 a.m. | 36 views

Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities

Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application...

AI score 0.5
Exploits: 0