B&R Industrial Automation Security Vulnerabilities

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11...

CVE-2020-36657

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R...

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI...

Exploit for CVE-2023-22515

CVE-2023-22515-Scan About This is simple scanner for...

Moxa Device Manager Tool MDM2_Gateway Response Remote Overflow

The remote Windows host has a version earlier than 2.3 of the Moxa Device Manager (MDM) Tool, used for managing embedded industrial control systems across the Internet. Such versions are affected by a buffer overflow vulnerability that can be triggered using a specially crafted MDM2_Gateway...

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any...

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

F5 Networks BIG-IQ Detection

Nessus was able to obtain version information for an F5 Networks BIG-IQ device on the remote host via an SSH login or by examining HTTP services running on the device. BIG-IQ is a product for managing BIG-IP...

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

Exploit for CVE-2023-43208

CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)...

(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810...

Siemens SIMATIC STEP 7 (TIA Portal) < 1300.100.2501.1 Multiple Vulnerabilities (SSA-315836)

The remote host is running a version of Siemens SIMATIC STEP 7 (TIA Portal) prior to version 13 Service Pack 1 Update 1. It is, therefore, affected by multiple vulnerabilities : An unspecified man-in-the-middle vulnerability allows remote attackers to intercept or modify Siemens ...

(RHSA-2024:3178) Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.

Summary IBM Workload Automation has updated OpenSSL to address multiple vulnerabilities. (CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465). Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using...

(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient...

Nmap NSE net: ftp-libopie

This VT has been deprecated and is therefore no longer ...

[SECURITY] [DLA 3808-1] intel-microcode security update

Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...

CVE-2024-3331

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2024-3331

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related...

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when.....

Moxa EDR Router Detection (HTTP)

HTTP based detection of Moxa EDR Router...

K000135795: Downfall Attacks CVE-2022-40982

Security Advisory Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982) Impact...

r-sky.co.jp Improper Access Control vulnerability OBB-3844078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007...

CVE-2024-3331 Spotfire: NTLM token leakage

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

CVE-2024-1657

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...

Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data...

BIT-ruby-2020-5247

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or/r, /n) to end the header and inject malicious content, such as additional headers or an entirely new response body....

BIT-airflow-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

CVE-2023-32042

OLE Automation Information Disclosure...

systemd security update

[239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376] - 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376] - 1B) Add required.....

Exploit for Command Injection in Chamilo

CVE-2023-34960 Mass unauthenticated command injection...

Fedora: Security Advisory for qt6-qtserialbus (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtserialbus (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

🚀 WordPress Royal Elementor Addons and Templates Exploit...

CVE-2023-25822

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

CVE-2023-41897

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

Exploit for Code Injection in Provectus Ui

CVE-2023-52251-POC There is a Remote Code Execution...

CVE-2024-6188

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

Exploit for Path Traversal in Wso2 Api Manager

😭 WSOB...

CVE-2023-52488

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO data without having to...

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (CVE-2024-3933)

Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict access to a...

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

Spring Cloud Gateway Actuator API...

Security Updates for Microsoft SharePoint Server and Microsoft Project Server (May 2018)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a ...