#dos

Ubuntu Security Notice 6635-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Red Hat Security Advisory 2024-0827-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-0820-03 - Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SIMATIC, OpenPCS Vulnerabilities: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a persistent denial-of-service condition in the RPC Server of these products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: OpenPCS 7 V9.1: All versions SIMATIC BATCH V9.1: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC Route Control V9.1: All versions SIMATIC WinCC Runtime Professional V18: All versions SIMATIC WinCC Runtime Profes...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Without Limits or Throttling, Improper Authentication, Inefficient Regular Expression Complexity, Excessive Iteration, HTTP Request/Response Smuggling, Injection, Path Traversal, Race Condition, Improper Certificate Validation, Off-by-one Error, Missing Authorization, Use of Insufficiently Random Values, Buffer Underflow, Incorrect Per...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Read, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the vulnerability to perform remote code execution in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: Parasolid V35.0: all versions prior to V35.0.263 Parasolid V35.0: all versions prior to V35.0.251 Parasolid V35.1: all versions prior to V35.1.252 Parasolid V35.1: all versions prior to V35.1.170 Parasolid V36.0: all version...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerabilities: Acceptance of Extraneous Untrusted Data With Trusted Data, Use of Weak Hash, Forced Browsing, Uncontrolled Resource Consumption, Unchecked Return Value, Injection, OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, execute arbitrary code, or spawn a system root shell on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (CVE-2023-44317, C...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 343-1, SIMATIC CP 343-1Lean, SIPLUS NET CP 343-1, SIPLUS NET CP 343-1 Lean Vulnerability: Improper Verification of Source of a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial-of-service condition by injecting spoofed TCP RST packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SIMATIC CP 343-1 (6GK7343-1EX30-0XE0): All versions SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0): All versions SIPLUS NET CP...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Tecnomatix Plant Simulation Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, NULL Pointer Dereference, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the application or execute arbitrary code if a user is tricked into opening a malicious file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Tecnomatix Plant Simulation V2201: Versions prior to V2201.0012 (CVE-2024-23795, CVE-2024-23796, Tecnomatix Plant Simulation V2201: A...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIDIS Prime Vulnerabilities: Use of Insufficiently Random Values, NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with access to the network where SIDIS Prime is installed to reuse OPC UA client credentials, create a denial-of-service condition of the SIDIS Prime OPC UA client, or create a denial-of-service condition of the SIDIS Prime TLS service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SIDIS Prime: All vers...