Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271
Executive Summary In the last few years, several vulnerabilities in the copy (cp) command were found in various container platforms, including Docker, Podman and Kubernetes. The most severe among those was only recently discovered and disclosed in July. Surprisingly, it gained almost no immediate attention,…
Injecting .NET Ransomware into Unmanaged Process
.Net is a modern, flexible, powerful and memory safe programming language with dozens of libraries and components, and exactly for this reason is the perfect choice to write any sort of malware threats, including ransomwares. The .Net Framework consists of two major components: The Common…
Flexera FlexNet Publisher
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Flexera Equipment: FlexNet Publisher Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory…
Philips IntelliBridge EC40/80
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: IntelliBridge EC40 and EC80 Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker unauthorized access to the IntelliBridge EC40/80 hub and may allow access to execute software,…
Siemens Mentor Nucleus Networking Module
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Mentor Nucleus Networking Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Siemens S7-1200 CPU
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: S7-1200 CPU Vulnerability: Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of this vulnerability could expose additional diagnostic functionality to an attacker with physical access to the UART interface…
Siemens Desigo PX Devices
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo PX Devices Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s…
Omron CX-Supervisor
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
ABB Power Generation Information Manager (PGIM) and Plant Connect
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Power Generation Information Manager (PGIM) and Plant Connect Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication…
Siemens PROFINET Devices (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-283-02 Siemens PROFINET Devices that was published October 10, 2019, on the ICS…
Stay connected