#auth

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: Hardware Controller, Hardware Servo Press Kit Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized system commands with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS FESTO reports the following products are affected: Festo Firmware installed on Festo Hardware Controller CECC-X-M1: Version 4.0.14 Festo Firmware installed on Festo Hardware Controller CECC-X-M1: Versions 3.8.14 and prior Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV: Versions 3.8.14 and prior Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV: Version 4.0.14 Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV-S1: Version 4.0.14 Festo Firmware installed on Festo Hardware...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: CODESYS Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to block legitimate user connections, crash the application, or authenticate without proper credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS FESTO reports that the following products are affected: FESTO CODESYS Gateway Server V2: All versions FESTO CODESYS Gateway Server V2: prior to V2.3.9.38 3.2 VULNERABILITY OVERVIEW 3.2.1 PARTIAL STRING COMPARISON CWE-187 In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only part of the specified password is being compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Voltronic Power, PowerShield Equipment: Viewpower, NetGuard Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Voltronic Power and PowerShield UPS monitoring software is affected, as well as other derivative products: Voltronic Power Viewpower: Version 1.04-24215 and prior Voltronic Power ViewPower Pro: Version 2.2165 and prior Powershield NetGuard: Version 1.04-22119 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749 The UPS management software normally allows a properly authenticated and authorized user using a web interface to configure the s...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO, FESTO Didactic Equipment: CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, MES-PC Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full control of the host system, including remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS FESTO, FESTO Didactic reports that the following products are affected: FESTO Didactic CIROS Studio / Education: 6.0.0 - 6.4.6 FESTO Didactic CIROS Studio / Education: 7.0.0 - 7.1.7 FESTO Festo Automation Suite: <= 2.6.0.481 FESTO FluidDraw: P6 <= 6.2k FESTO FluidDraw: 365 <= 7.0a FESTO Didactic FluidSIM: 5 all versions FESTO Didactic FluidSIM: 6 <= 6.1c FESTO Didactic MES-PC: shipped before December 2023 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network servi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring (MSM) Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute untrusted code, potentially leading to unauthorized actions or system compromise. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Hitachi Energy MSM: Version 2.2.9 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e., .html(), .append(), and others) may result in the execution of untrusted code. CVE-2020-11022 has b...

Scammers are exploiting Microsoft 365 Direct Send to spoof internal emails targeting US firms bypassing security filters with…

Facebook's pursuit of your personal data continues, and now it has a new target: photos on your phone that you haven't shared with it yet.

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. The changes, the company said, are part of its efforts to streamline autofill in the two-factor authentication (2FA) app. "Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer be accessible in Authenticator," Microsoft