Check Point response to CVE-2022-0778

Symptoms Dell published CVE-2022-0778 for: iDRAC8 versions before 2.83.83.83 iDRAC9 versions before 5.10.30.00 Cause Refer to DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability. Solution Important Note: If you have not enabled iDRAC as described in sk122914, th...

Check Point Response to CVE-2022-24422 - Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Cause Refer to Dell's DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability. Symptoms - Dell published CVE-2022-24422 for iDRAC9 versions 5.00.00.00 and higher but lower than 5.10.10.00. These versions contain an improper authentication vulnerability. A remote...

Check Point Response to CVE-2021-36347, CVE-2021-36348, CVE-2021-36346, CVE-2021-3712 - Dell iDRAC8 / iDRAC9 vulnerabilities

Cause See Dell's DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities. CVE-2021-36347 CVE-2021-36348 CVE-2021-36346 CVE-2021-3712 Symptoms - Dell published CVE-2021-36347 for iDRAC8 versions before 2.82.82.82 and iDRAC9 versions before 5.00.20.00 - Dell published...

Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities

Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...

Check Point Response to CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 - TCP SACK PANIC Linux Kernel vulnerabilities

Cause CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16-bit width of TCPSKBCBskb- tcpgsosegs. A remote attacker could exploit this to crash the system and create a Denial Of Service. CVE-2019-11478: The Linux kernel is vulnerable to a flaw that allows attackers to se...

Design/Logic Flaw

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 -- AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary ...

CVE-2017-17888

The CVE-2017-17888 entry concerns Anti-Web (up to version 3.8.7) used in multiple industrial/OT devices (NetBiter/HMS, Ouman EH-net, Alliance WS100 → AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, ASCON DY WebServer). Vulnerability: remote authe...

CVE-2017-17888

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 -- AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary ...

Apps industrial OT over Server: Anti-Web Remote Command Execution(CVE-2017-17888)

Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Remote Command Execution Date: 15/05/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: RCE REMOTE...