Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

2023-07-05 10:00 (CEST) VDE-2023-011  

**Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability**  
Share: Email | Twitter  

**Published**

2023-07-05 10:00 (CEST)

**Last update**

2023-07-03 07:53 (CEST)

**Vendor(s)**

Frauscher Sensortechnik GmbH  

**Product(s)**

Article No°

Product Name

Affected Version(s)

Diagnostic System FDS101 for FAdC/FAdCi

<= 1.3.3

**Summary**

Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication.

**CVE ID**

**Last Update:**

July 3, 2023, 7:48 a.m.

**Severity**

**Weakness**

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')  (CWE-22) 

**Summary**

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

**Details**

**Impact**

The attacker can read all files on the filesystem of the FDS001 device. Note: Orphaned SSH keys exist on the file system, but they cannot be used to log in to the machine.

**Solution**

**Mitigation**

Security-related application conditions SecRAC  
The railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.  
The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.

**Remediation**

For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.

**Reported by**

Frauscher Sensortechnik coordinated with CERT@VDE

CVE-2023-2880: VDE-2023-011 | CERT@VDE

TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.



As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

**Please sign in**

**SUMMARY**

**TN-5900 Series User Enumeration Vulnerability**

*   Security Advisory ID: MPSA-230401
*   Version: V1.0
*   Release Date: Jul 03, 2023
*   Reference:
    *   CVE-2023-3336

A user enumeration vulnerability exists in the TN-5900 Series. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

1

CWE-204: Observable Response Discrepancy

An attacker located remotely can obtain sensitive information.

**AFFECTED PRODUCTS AND SOLUTIONS**

**Affected Products:**

The affected products and firmware versions are shown below.

Product Series

Affected Versions

TN-5900 Series

Firmware version 3.3 and earlier

**Solutions:**

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

**Products Confirmed Not Vulnerable:**

Only products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products:

*   TN-4900 Series
*   EDR-810 Series
*   EDR-G9010 Series
*   EDR-G902 Series
*   EDR-G903 Series
*   NAT-102 Series
*   Moxa Remote Connect Suite MRC-1002 Series
*   OnCell 3120-LTE-1 Series
*   OnCell 5104-HSPA Series

**Revision History:**

VERSION

DESCRIPTION

RELEASE DATE

1.0

First Release

July 3, 2023

**Relevant Products**

TN-5900 Series ·

*     Print this page
    
*   You can manage and share your saved list in My Moxa
    

**Related Advisories**

*   Multiple Routers Improper Input Validation Vulnerabilities
*   TN-5916 Series Privilege Escalation Vulnerability
*   Secure Router EDR and TN Series Improper Input Validation Vulnerabilities
*   TN-5900 Series Secure Routers Vulnerabilities
*   TN-5900 Series Secure Routers Vulnerability

**Let’s get that fixed**

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.  
Would you like to go to the site for your region?

Feedback

CVE-2023-3336: TN-5900 Series User Enumeration Vulnerability

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

Sorry, I can't find "_1813299?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-37206: Invalid Bug ID

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

**Mozilla Foundation Security Advisory 2023-22**

Announced

July 4, 2023

Impact

high

Products

Firefox

Fixed in

*   Firefox 115

**#CVE-2023-3482: Block all cookies bypass for localstorage**

Reporter

Martin Hostettler

Impact

moderate

**Description**

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission.

**References**

*   Bug 1839464

**#CVE-2023-37201: Use-after-free in WebRTC certificate generation**

Reporter

Irvan Kurniawan

Impact

high

**Description**

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

**References**

*   Bug 1826002

**#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey**

Reporter

zx

Impact

high

**Description**

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

**References**

*   Bug 1834711

**#CVE-2023-37203: Drag and Drop API may provide access to local system files**

Reporter

Paul Nickerson

Impact

moderate

**Description**

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code.

**References**

*   Bug 291640

**#CVE-2023-37204: Fullscreen notification obscured via option element**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1832195

**#CVE-2023-37205: URL spoofing in address bar using RTL characters**

Reporter

Rohan Sharma

Impact

moderate

**Description**

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing.

**References**

*   Bug 1704420

**#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API**

Reporter

Ameen Basha M K

Impact

moderate

**Description**

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website.

**References**

*   Bug 1813299

**#CVE-2023-37207: Fullscreen notification obscured**

Reporter

Shaheen Fazim

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1816287

**#CVE-2023-37208: Lack of warning when opening Diagcab files**

Reporter

Puf

Impact

moderate

**Description**

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

**References**

*   Bug 1837675

**#CVE-2023-37209: Use-after-free in \`NotifyOnHistoryReload\`**

Reporter

Simon Descarpentries

Impact

moderate

**Description**

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused.

**References**

*   Bug 1837993

**#CVE-2023-37210: Full-screen mode exit prevention**

Reporter

Hafiizh

Impact

low

**Description**

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks.

**References**

*   Bug 1821886

**#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13**

Reporter

Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact

high

**Description**

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

**#CVE-2023-37212: Memory safety bugs fixed in Firefox 115**

Reporter

Andrew McCreight, and the Mozilla Fuzzing Team

Impact

high

**Description**

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115

CVE-2023-3482: Security Vulnerabilities fixed in Firefox 115

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained.  This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

Sorry, I can't find "_1837993?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-37209: Invalid Bug ID

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

**Mozilla Foundation Security Advisory 2023-23**

Announced

July 4, 2023

Impact

high

Products

Firefox ESR

Fixed in

*   Firefox ESR 102.13

**#CVE-2023-37201: Use-after-free in WebRTC certificate generation**

Reporter

Irvan Kurniawan

Impact

high

**Description**

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

**References**

*   Bug 1826002

**#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey**

Reporter

zx

Impact

high

**Description**

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

**References**

*   Bug 1834711

**#CVE-2023-37207: Fullscreen notification obscured**

Reporter

Shaheen Fazim

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1816287

**#CVE-2023-37208: Lack of warning when opening Diagcab files**

Reporter

Puf

Impact

moderate

**Description**

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

**References**

*   Bug 1837675

**#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13**

Reporter

Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact

high

**Description**

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

CVE-2023-37208: Security Vulnerabilities fixed in Firefox ESR 102.13

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-34150

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.

**XXE vulnerability - ManageEngine ADManager Plus**

**Vulnerability Details**

**Severity**

Low

**CVE ID**

CVE- 2023-35786

**Affected software versions**

Build 7182 and older

**Fixed version**

Build 7183

**Fixed on**

March 15, 2023

**Details**

ADManager Plus builds 7182 and older were reported to have an authenticated XML external entity injection vulnerability. This has been fixed in the build 7183; its release notes can be found here.

**Impact**

Authenticated administrators were able to perform XXE attacks and view files in servers running the affected product versions.

**Steps to update**

Update your ADManager Plus instance to its latest build by installing the service pack.

**Acknowledgement**

This issue was reported by r00t4dm via Zoho's Bug Bounty program.

Select a language to translate the contents of this web page:

CVE-2023-35786: Mitigate XXE Vulnerability in ADManager Plus | CVE

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.

CVE-2022-42175

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

Expand Up

@@ -375,6 +375,59 @@ public Collection engineGetCRLs(CRLSelector selector)

  

return crlSet;

}

private static String\[\] FILTER\_ESCAPE\_TABLE = new String\['\\\\' + 1\];

  

  

static {

  

// Filter encoding table -------------------------------------

  

// fill with char itself

for (char c = 0; c < FILTER\_ESCAPE\_TABLE.length; c++) {

FILTER\_ESCAPE\_TABLE\[c\] = String.valueOf(c);

}

  

// escapes (RFC2254)

FILTER\_ESCAPE\_TABLE\['\*'\] = "\\\\2a";

FILTER\_ESCAPE\_TABLE\['('\] = "\\\\28";

FILTER\_ESCAPE\_TABLE\[')'\] = "\\\\29";

FILTER\_ESCAPE\_TABLE\['\\\\'\] = "\\\\5c";

FILTER\_ESCAPE\_TABLE\[0\] = "\\\\00";

  

}

  

/\*\*

\* Escape a value for use in a filter.

\* @param value the value to escape.

\* @return a properly escaped representation of the supplied value.

\*/

private String filterEncode(String value)

{

if (value == null)

{

return null;

}

  

// make buffer roomy

StringBuilder encodedValue = new StringBuilder(value.length() \* 2);

  

int length = value.length();

  

for (int i = 0; i < length; i++) {

  

char c = value.charAt(i);

  

if (c < FILTER\_ESCAPE\_TABLE.length) {

encodedValue.append(FILTER\_ESCAPE\_TABLE\[c\]);

}

else {

// default: add the char

encodedValue.append(c);

}

}

  

return encodedValue.toString();

}

  

/\*\*

\* Returns a Set of byte arrays with the certificate or CRL encodings.

Expand All

@@ -388,7 +441,8 @@ public Collection engineGetCRLs(CRLSelector selector)

private Set search(String attributeName, String attributeValue,

String\[\] attrs) throws CertStoreException

{

String filter = attributeName + "=" + attributeValue;

String filter = attributeName + "=" + filterEncode(attributeValue);

System.out.println(filter);

if (attributeName == null)

{

filter = null;

Expand Down

Source

CVE