B&R Industrial Automation Security Vulnerabilities

K000139652: Intel CPU vulnerability CVE-2023-23583

Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....

CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For...

CVE-2024-1889

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...

CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...

CVE-2024-1889

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...

CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...

CrushFTP < 11.1.0 - Directory Traversal

...

CrushFTP < 11.1.0 - Directory Traversal Exploit

...

CVE-2024-4563

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...

CVE-2023-27482

homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228 Remote Code Injection In Log4j...

Security Updates for Microsoft Sharepoint Server (June 2018)

The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request...

Exploit for Path Traversal in Vmware Cloud Foundation

![vckiller](https://socialify.git.ci/Schira4396/VcenterKiller/im......

CVE-2023-41895

Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches.....

CVE-2023-31211 Disabled automation users could still authenticate

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked...

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

Fedora: Security Advisory for libcoap (FEDORA-2024-75863445ff)

The remote host is missing an update for...

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

Exploit for Code Injection in Apache Airflow

Apache Airflow &lt; 2.4.0 RCE (CVE-2022-40127) **PoC for...

CVE-2024-3626

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17....

Aquatronica Control System 5.1.6 Password Disclosure

...

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

Aquatronica Control System 5.1.6 - Information Disclosure

...

Exploit for CVE-2022-4060

UPGer | CVE-2022-4060 - User Post Gallery Automatic Mass Tool...

Fedora: Security Advisory for libcoap (FEDORA-2024-450b75e4a0)

The remote host is missing an update for...

Microsoft SharePoint Server Excel Services Multiple Remote Code Execution Vulnerabilities (3115112)

This host is missing an important security update according to Microsoft Bulletin...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

KeePass 2.X Master Password Dumper...

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...

CVE-2023-43487

Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-24680 DESCRIPTION: **Django is vulnerable to a denial of...

DotNetNuke Cookie Deserialization Remote Code Excecution

This module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to...

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...

Important: microcode_ctl

Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228(Apache Log4j Remote Code Execution） [all...

CVE-2022-39395

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade...

AVEVA InduSoft Web Studio / InTouch Edge HMI TCP/IP Server Detection

The remote host is running the TCP/IP server for AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition), a software application for managing and monitoring SCADA...

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE ...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details ** CVEID: CVE-2023-44270 DESCRIPTION: **PostCSS could allow a remote attacker to bypass security...

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media...

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

CVE-2022-39197-RCE First This project was modified from...

CVE-2023-32282

Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...