#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: FOX61x, FOXCST, FOXMAN-UN Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: FOX61x: Versions prior to R16B FOXCST: Versions prior to 16.2.1 FOXMAN-UN: R15A and prior FOXMAN-UN: R15B PC4 and prior FOXMAN-UN: R16A FOXMAN-UN: R16B PC2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297 Hitachi Energy is aware of a vulnerability that affects the FOXCST client application, which if exploited would allow attackers to intercept or falsify data exchanges between the client and the server. CVE-2024-2462 has been assigned to this vulnerability. A CVSS v...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.2 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Siveillance Video Camera Drivers Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siveillance Video Device Pack: Versions prior to V13.5 3.2 VULNERABILITY OVERVIEW 3.2.1 INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532 Disclosure of sensitive information in HikVision camera driver...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix LDAP Vulnerability: LDAP Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to bypass username verification. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Mendix LDAP: All versions prior to 1.1.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN LDAP QUERY ('LDAP INJECTION') CWE-90 Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Edge Management Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge Management OS (IEM-OS): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE...

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft’s December Patch Tuesday, a public exploit for it appeared on January 15th. 🙂 It was developed by […]

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

Technology is changing the global economy, and fintech companies are at the backbone of this transformation. To keep…

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance.

Cybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats.