#perl

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: RTU500 series CMU Firmware: Versions 12.0.1 through 12.0.14 RTU500 series CMU Firmware: Versions 12.2.1 through 12.2.11 RTU500 series CMU Firmware: Versions 12.4.1 through 12.4.11 RTU500 series CMU Firmware: Versions 12.6.1 through 12.6.9 RTU500 series CMU Firmware: Versions 12.7.1 through 12.7.6 RTU500 series CMU Firmware: Versions 13.2.1 through 13.2.6 RTU500 series CMU Firmware: Versions 13.4.1 through 13.4.3 RTU500 series CMU Firmware: Version 13.5.1 3.2 Vulnerability Overview 3.2.1 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract arbitrary application files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: COMOS V10.4.0: All versions COMOS V10.4.1: All versions COMOS V10.4.2: All versions COMOS V10.4.3: Versions prior to V10.4.3.0.47 COMOS V10.4.4: Versions prior to V10.4.4.2 COMOS V10.4.4.1: Versions prior to V10.4.4.1.21 COMOS V10.3: Versions prior to V10.3.3.5.8 3.2 Vulnerabili...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Siemens Engineering Platforms Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following engineering platforms are affected: SIMATIC STEP 7 Safety V17: All versions SIMATIC STEP 7 Safety V18: All versions SIMATIC S7-PLCSIM V17: All versions SIMATIC WinCC V19: All versions SIMATIC WinCC Unified V16: All versions SIMOTION SCOUT TIA V5.4 SP3: All ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Siemens Engineering Platforms Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC STEP 7 Safety V18: All versions Siemens SIMATIC STEP 7 Safety V19: All versions Siemens SIMATIC S7-PLCSIM V18: All versions Siemens SIMOCODE ES V18: All versions Siemens SIMATIC WinCC Unified V17: All versions Siemens SINAMICS Startdrive V18: All versions Siemens SIMATIC STEP 7 V1...

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

The ABB BMS/BAS controller suffers from an authenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter 'port' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

### Summary When setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. ### Details Accountability for unauthenticated WebSocket requests is set to null, which used to be "public permissions" until the Permissions Policy update which now defaults that to system/admin level access. So instead of null we need to make use of `createDefaultAccountability()` to ensure public permissions are used for unauthenticated users. ### PoC 1. Start directus with ```bash WEBSOCKETS_ENABLED=true WEBSOCKETS_GRAPHQL_AUTH=public WEBSOCKETS_REST_AUTH=public ``` 2. Subscribe using GQL or REST or do any CRUD operation on a user created collection (system tables are not reachable with crud) ```gql subscription { directus_users_mutated { key event data { id email first_name last_name p...

The ABB BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter 'redirect' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.