Tag
#perl
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE M-800 family (incl. S615, MUM-800 and RM1224), SCALANCE SC-600 family Vulnerability: Partial String Comparison 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain partial invalid usernames accepted by the server. A remote attacker would need access to a valid certificate in order to perform a successful attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SCALANCE SC-600 family: All versions Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prio...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Check for Dropped Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities allow a remote attacker to execute arbitrary code, read and write arbitrary files, escalate privileges, or execute a limited set of binaries that are present on the filesystem 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following pr...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP Vulnerabilities: Missing Authentication for Critical Function, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute commands on the device with root privileges and access sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SiPass integrated AC5102 (ACC-G2): All versions prior to V6.4.8 (CVE-2024-52285) Siemens SiPass integrated AC5102 (ACC-G2): All versions...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Client Vulnerabilities: Integer Overflow or Wraparound, Unprotected Alternate Channel, Improper Restriction of Communication Channel to Intended Endpoints, Stack-based Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overflow memory buffers, impersonate a legitimate user, maintain longer session times, gain elevated privileges, and execute code remotely. 3. TECHNICAL DETAILS 3.1...
Cary, North Carolina, 13th March 2025, CyberNewsWire
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
# Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET Core 9.0 application running on AS...
Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.