#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ocean Data Systems Equipment: Dream Report 2023 Vulnerabilities: Path Traversal, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution or escalate their privileges and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Ocean Data Systems Dream Report, a report generating and delivery software, are affected: Dream Report 2023: Version 23.0.17795.1010 and prior AVEVA Reports for Operations 2023: Version 23.0.17795.1010 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: AADvance Standalone OPC-DA Server Vulnerabilities: Improper Input Validation, Use of Externally Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation AADvance Standalone OPC-DA Server are affected: AADvance Standalone OPC-DA Server: Versions v2.01.510 and later 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An arbitrary code execution vulnerability exists in the affected product. The log4net config file does not disable XML external entities. CVE-2018-1285 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 USE OF EXTERNALLY ...

The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

**How could an attacker exploit this vulnerability?** Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. * In an email attack scenario, an attacker could send the malicious file to the victim and convince them to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a malicious file designed to exploit the vulnerability. An attacker would have no way to force the victim to visit the website. Instead, an attacker would have to convince the victim to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the malicious file.

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).

**How could an attacker exploit this vulnerability?** An authenticated attacker with permissions to execute commands on the Azure CycleCloud instance could send a specially crafted request that returns the storage account credentials and runtime data. The attacker can then use the comprised credentials to access the underlying storage resources and upload malicious scripts which will be executed as Root, enabling remote code execution to be performed on any cluster in the CycleCloud instance.