8440 matches found

ICS
added 2021/05/17 12:0 a.m., 294 views

ICSA-21-040-06_Siemens JT2Go and Teamcenter Visualization (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Stack-based Buffer overflow, Out-of-Bounds Write, Type...

CVSS 8.8 | AI score 8.7 | EPSS 0.01807
Exploits: 0 | References: 11

NVD
added 2021/05/13 7:15 p.m., 9 views

CVE-2021-27413

Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...

CVSS 7.8 | EPSS 0.00654
Exploits: 0 | References: 2

Zero Day Initiative
added 2021/05/13 12:0 a.m., 55 views

Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 7.8 | AI score 5.2 | EPSS 0.00936
Exploits: 0 | References: 2

CVE
added 2021/05/12 1:18 p.m., 52 views

CVE-2021-27398

Tecnomatix Plant Simulation (all versions

CVSS 7.8 | AI score 7.6 | EPSS 0.00936
Exploits: 0 | References: 2 | Affected Software: 1

ICS
added 2021/05/11 12:0 a.m., 32 views

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-One Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

CVSS 7.8 | AI score 8 | EPSS 0.00654
Exploits: 0 | References: 5

ICS
added 2021/05/11 12:0 a.m., 90 views

Siemens SIMATIC UltraVNC HMI WinCC Products

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC HMIs/WinCC Products Vulnerabilities: Improper Initialization, Out-of-bounds Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Access of Memory Location After End...

CVSS 9.8 | AI score 9.6 | EPSS 0.054
Exploits: 0 | References: 11

NVD
added 2021/05/07 2:15 p.m., 13 views

CVE-2021-22673

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK...

CVSS 8 | EPSS 0.0074
Exploits: 0 | References: 1

Prion
added 2021/05/07 2:15 p.m., 17 views

Stack overflow

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK...

CVSS 6 | AI score 8.6 | EPSS 0.0074
Exploits: 0 | References: 1 | Affected Software: 7

CVE
added 2021/05/07 1:21 p.m., 47 views

CVE-2021-22673

The CVE-2021-22673 entry concerns Texas Instruments SimpleLink wireless MCUs. A stack-based buffer overflow bug occurs while processing over-the-air firmware updates from the CDN server, potentially allowing remote code execution on affected devices. Affected SDKs include MSP432E4 SDK v4.20.00.12...

CVSS 8 | AI score 8.1 | EPSS 0.0074
Exploits: 0 | References: 1 | Affected Software: 7

Tenable Nessus
added 2021/05/07 12:0 a.m., 278 views

Siemens JT2Go < 13.1.0.1 Multiple Vulnerabilities (SSA-663999)

The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.1.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in JT2Go. Affected applications lack proper validation of user-supplied data when parsing...

CVSS 8.8 | AI score 7.2 | EPSS 0.01807
Exploits: 0 | References: 22

CVE
added 2021/04/30 3:45 p.m., 61 views

CVE-2021-20515

CVE-2021-20515 affects IBM Informix Dynamic Server 14.10 and describes a stack-based buffer overflow caused by improper bounds checking. A locally privileged user could overflow a buffer and execute arbitrary code or cause a denial of service. IBM’s Security Bulletin lists 14.10.xC5 as the fix ve...

CVSS 6.7 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/04/29 4:31 p.m., 45 views

CVE-2021-31438

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 8 | EPSS 0.0284
Exploits: 0 | References: 2

IBM Security Bulletins
added 2021/04/29 4:10 p.m., 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in February 2021. Upgrade the JRE in order to resolve...

CVSS 9.8 | AI score 0.8 | EPSS 0.00727
Exploits: 0 | Affected Software: 2

ICS
added 2021/04/29 12:0 a.m., 82 views

Texas Instruments SimpleLink

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Texas Instruments Equipment: SimpleLink Wi-Fi, MSP432, CC13XX, CC26XX, CC32XX, CC3100 Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful...

CVSS 9.8 | AI score 8.7 | EPSS 0.00772
Exploits: 0 | References: 5

NVD
added 2021/04/27 12:15 p.m., 11 views

CVE-2021-27480

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code...

CVSS 9.8 | EPSS 0.0049
Exploits: 0 | References: 1

Cvelist
added 2021/04/27 11:18 a.m., 12 views

CVE-2021-27480

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code...

AI score 9.8 | EPSS 0.0049
Exploits: 0 | References: 1

Prion
added 2021/04/26 5:15 p.m., 13 views

Stack overflow

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934...

CVSS 2.1 | AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2021/04/26 4:30 p.m., 37 views

CVE-2021-20546

CVE-2021-20546 affects IBM Spectrum Protect Client versions 8.1.0.0 through 8.1.11.0, where a stack-based buffer overflow can be triggered by improper bounds checking when processing locale/current language environment settings. This local vulnerability can cause the client to crash and may allow...

CVSS 6.2 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 2 | Affected Software: 2

Zero Day Initiative
added 2021/04/26 12:0 a.m., 47 views

Foxit Studio Photo PSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 | AI score 4.4 | EPSS 0.0284
Exploits: 0 | References: 1

CVE
added 2021/04/22 8:42 p.m., 52 views

CVE-2021-27382

CVE-2021-27382 affects Siemens Solid Edge (SE2020 before MP13, SE2020 before MP14, SE2021 before MP4). The issue is a stack-based buffer overflow in PAR file parsing due to inadequate validation of user-supplied data, enabling code execution in the context of the current process. Public advisorie...

CVSS 7.8 | AI score 7.6 | EPSS 0.00907
Exploits: 0 | References: 3 | Affected Software: 2