Tag
#git
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo and TIA Administrator Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMOCODE ES V19: Versions prior to V19 Update 1 TIA Administrator: Versions 3.0.4 and prior SIMATIC PCS neo V4.1: Versions prior to V4.1 Update 2 SIMATIC P...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: URL Redirection to Untrusted Site ('Open Redirect') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect the legitimate user to an attacker-controlled URL to steal valid session data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Teamcenter: All versions prior to V14.3.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601 The SSO login service of affected applications accepts us...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W700 Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Shutdown or Release, Inadequate Encryption Strength, Race Condition, Integer Overflow or Wraparound, Out-of-bounds Write, NULL Pointer Dereference, Externally Controlled Reference to a Resource in Another Sphere, Use After Free, Type Confusion, Improper Certificate Validation, Missing Release of Memory after Effective Lifetime, Uncontrolled Resource Consumption, Out-of-bounds Read, Inefficient Regular Expression Complexity, In...
Romance scams cost victims hundreds of millions of dollars a year. As people grow increasingly isolated, and generative AI helps scammers scale their crimes, the problem could get worse.
### Impact Chains using affected versions of Packet Forward Middleware in their IBC Transfer stack are vulnerable to an attack in which there is a potential denial of service. This affects IBC transfers for any asset which is being transferred between another chain and its native chain. We recommend upgrading as soon as possible. __THIS IS A STATE BREAKING CHANGE__ ### Patches Versions [7.2.1](https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv7.2.1) and [8.1.1](https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv8.1.1) are patched. ### Workarounds N/A ### References N/A
The open technology, which tackles disinformation, has gained steam in the past year, surpassing 500 corporate members and continuing to evolve.
Sponsored by accessiBe
### Summary Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that `elliptic` by design accepts hex strings as one of the possible input types ### Details In this code: https://github.com/indutny/elliptic/blob/3e46a48fdd2ef2f89593e5e058d85530578c9761/lib/elliptic/ec/index.js#L100-L107 `msg` is a BN instance after conversion, but `nonce` is an array, and different BN instances could generate equivalent arrays after conversion. Meaning that a same `nonce` could be generated for different messages used in signing process, leading to `k` reuse, leading to private key extraction from a pair of signatures Such a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction While signing unverified attacker-controlled messages would be problematic itself (and exploi...
### Summary This report finds 2 availability issues due to the regex used in the `parse-duration` npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively. 2. An out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. ### PoC Refer to the following proof of concept code that provides a test case and makes use of the regular expression in the library as its test case to match against strings: ```js // Vulnerable regex to use from the library: import parse from './index.js' function generateStressTestString(length, decimalProbability) { let result = ""; for (let i = 0; i < length; i++) { if (Math.random() < decimalProbability) { result += "....".repeat(99); } result += Math.floor(Math.random() * 10); } return result; } function ...
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.