Lucene search
K

81 matches found

NVD
NVD
added 2024/04/30 1:15 p.m.21 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2CVSS6.8AI score0.00666EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/04/30 1:15 p.m.2 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2CVSS5.9AI score0.00666EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/30 12:57 p.m.70 views

CVE-2024-2617

CVE-2024-2617 affects Hitachi Energy RTU500 series (RTU500 web server component). The vulnerability lets authenticated users bypass secure update and install unsigned firmware on RTU500. Reported impact is high (CVSS3.1: 7.2) with network attack vector, low complexity, high privileges required, a...

7.2CVSS6.1AI score0.00666EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/30 12:57 p.m.10 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2CVSS6.1AI score0.00666EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.4 views

PT-2024-21304

Name of the Vulnerable Software and Affected Versions RTU500 affected versions not specified Description A vulnerability exists in the RTU500 that allows authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to...

7.2CVSS5.9AI score0.00666EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 9:16 a.m.5 views

BUFFALO LinkStation 200 series vulnerable to arbitrary code execution

Overview LinkStation 200 series provided by BUFFALO INC. is a network attached storage NAS. LinkStation 200 series contains an arbitrary code execution vulnerability CWE-354, CVE-2023-51073 due to insufficient verification of data authenticity during firmware update. BUFFALO INC. reported this...

8.1CVSS7.8AI score0.01312EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.19 views

Rocky Linux 8 : gnome-software and fwupd (RLSA-2020:4436)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4436 advisory. - A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is...

6CVSS5.9AI score0.0049EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/07/13 10:59 a.m.31 views

CVE-2023-25178 Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

9.8CVSS9.9AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/13 10:59 a.m.12 views

CVE-2023-25178 Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

9.8CVSS7.9AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2023/05/22 8:15 p.m.6 views

CVE-2023-28386

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...

9.8CVSS7.6AI score0.00419EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/13 12:0 a.m.6 views

BlackVue DR750-2CH LTE 数据伪造问题漏洞

BlackVue DR750-2CH LTE is an in-vehicle full HD monitor from BlackVue. A security vulnerability exists in the BlackVue DR750-2CH LTE version v.1.0122022.10.26, which stems from not checking the authenticity of uploaded firmware. An attacker could exploit the vulnerability to upload a firmware tha...

9.8CVSS8.8AI score0.00735EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.2 views

SUSE CVE-2020-10759

A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service LVFS is either not implemented or enabled in versions ...

7.4CVSS6.5AI score0.0049EPSS
Exploits1References7
OSV
OSV
added 2023/02/06 2:15 p.m.3 views

CVE-2021-36226

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files...

9.8CVSS5.8AI score0.00808EPSS
Exploits1References3
OSV
OSV
added 2022/12/26 5:15 a.m.6 views

CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/17 3:15 p.m.2 views

CVE-2022-30262

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...

7.8CVSS7.1AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2022/08/05 11:4 a.m.4 views

OESA-2022-1801 fwupd security update

aims to make updating firmware on Linux automatic, safe and reliable. Security Fixes: A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because th...

6CVSS6.3AI score0.0049EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/07/28 4:15 p.m.6 views

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

6.8CVSS7.3AI score0.00361EPSS
Exploits0References3
OSV
OSV
added 2022/07/13 9:15 p.m.4 views

CVE-2022-34762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...

7.5CVSS5.8AI score0.00666EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/12 11:0 a.m.2 views

CVE-2022-34762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...

7.5CVSS5.9AI score0.00666EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Emerson DeltaV Distributed Control System 数据伪造问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a data forger...

7.8CVSS7.4AI score0.00149EPSS
Exploits0References5
Rows per page
Query Builder