B&R Industrial Automation Security Vulnerabilities

Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilites

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is therefore, affected by mutliple.....

CVE-2023-39003

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory...

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration...

CVE-2023-38998

An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted...

Mitsubishi Electric Automation MC-WorX Suite Detection

Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...

Honeywell PM43 Printers - Command Injection

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g....

Rockwell Automation ControlLogix Communications Modules Multiple Vulnerabilities

Rockwell Automation ControlLogix Communications Modules are affected by multiple vulnerabilities, as follows: A remote code execution vulnerability via crafted CIP messages. (CVE-2023-3595) A denial of service vulnerability via crafted CIP messages. (CVE-2023-3596) Note that Nessus has not...

VISAM Automation Base (VBASE) Web-Remote Detection

The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business...

Exploit for CVE-2024-0044

Android Autorooter This is just a mental note more than...

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

CVE-2023-44275

OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby...

CVE-2023-39004

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege...

CVE-2023-39006

The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input...

CVE-2023-39007

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in...

CVE-2023-39008

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system...

CVE-2023-39002

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability.

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager ( CVE-2024-22354 ) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.18 - Missing Authorization

Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including,....

Exploit for CVE-2022-44666

Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-22329)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit.....

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-34055 DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC...

Rockwell Automation RSLinx Classic <= 4.00.01 Multiple Vulnerabilities

The remote host has a version of RSLinx Classic installed that is v4.00.01 or prior. It is, therefore, affected by multiple...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-51775) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for...

Exploit for PHP External Variable Modification in Juniper Junos

Automation for Juniper CVE:2023-36845 by Asbawy -&gt; Modified...

CVE-2023-2766

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The...

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253...

CVE-2023-31207

Transmission of credentials within query parameters in Checkmk &lt;= 2.1.0p26, &lt;= 2.0.0p35, and &lt;= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

Follina (PATCHED) ### Remote Access...

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

Follina (PATCHED) ### Remote Access...

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 Exploit Dolibarr...

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 Exploit Dolibarr...

Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities

The version of Inductive Automation Ignition running on the remote host is affected by multiple vulnerabilities : A denial of service (DoS) vulnerability exists due to an unprotected logging route when the Perspective Module is running. An unauthenticated, remote attacker can exploit...

Rockwell Automation RSLinx Classic < 4.11.00 Local Privilege Escalation

The remote host has a version of RSLinx Classic installed that is prior to 4.11.00. It is, therefore, affected by a local privilege escalation vulnerability where an authenticated attacker could modify a registry key, thiw could lead to the execution of malicious code usying system privileges when....

Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation

The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service. A local attacker can gain elevated privileges by inserting an executable file in the path of...

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

Exploit for CVE-2024-31848

Exploiting CData within Jetty servers -...

Exploit for Injection in Gitlab

CVE-2022-2992 Authenticated Remote Command Execution in...

[ADT-3 R] RVC - CTS: StagefrightTest#testStagefright_bug_65483665 failure

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...