VARIoT IoT vulnerabilities database

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. BMX-NOR-0200H Firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Schneider Electric BMX-NOR-0200H is a remote terminal unit (RTU) module from Schneider Electric, France. This vulnerability stems from a lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates. Wait for the affected component to attack

Wuxi Xinjie Electric Co., Ltd. is a well-known domestic company specializing in the development and application of industrial automation products. Xinjie OP20 screen setting tool dp2 project file has a memory corruption vulnerability. An attacker can use this vulnerability to execute malicious code on the user's system

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection. Modicon Quantum Vulnerabilities related to certificate and password management exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1

A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. SoMachine Basic and Modicon M221 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is a software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. The vulnerability stems from network systems or products that did not properly validate the input data

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. plural Modicon The product contains a vulnerability related to authentication bypass through spoofing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Multiple Schneider Electric products have vulnerabilities in permissions and access control issues. An attacker could exploit this vulnerability through brute force to elevate privileges. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. SoMachine Basic and Modicon M221 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are products of French Schneider Electric (Schneider Electric). Schneider Electric SoMachine Basic is a suite of software for programming logic controllers. Schneider Electric Modicon M221 is a programmable logic controller. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2. plural Schneider Electric The product is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M100 and others are products of Schneider Electric, France. The Schneider Electric Modicon M100 is a programmable logic controller. The Schneider Electric Modicon LMC078 is a motion controller. The Schneider Electric ATV IMC drive controller is a drive controller. An access control error vulnerability exists in several Schneider Electric products. The following products and versions are affected: Schneider Electric Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 (all versions); PacDrive Eco (all versions); PacDrive Pro (all versions); PacDrive Pro2 (all versions)

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus. plural Modicon The product contains an exceptional state check vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Schneider Electric Modbus Serial Driver Contains a resource exhaustion vulnerability.Information may be tampered with. An attacker could exploit this vulnerability to perform write operations to system files or other important user files

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_set tftp: use the current blksize for recvfrom() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz Slackware -current package: 82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz Slackware x86_64 -current package: df9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.65.0-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 15, 2020 Bugs: #686050, #694020 ID: 202003-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution. Background ========== A command line tool and library for transferring data with URLs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.66.0 >= 7.66.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.66.0" References ========== [ 1 ] CVE-2019-5435 https://nvd.nist.gov/vuln/detail/CVE-2019-5435 [ 2 ] CVE-2019-5436 https://nvd.nist.gov/vuln/detail/CVE-2019-5436 [ 3 ] CVE-2019-5481 https://nvd.nist.gov/vuln/detail/CVE-2019-5481 [ 4 ] CVE-2019-5482 https://nvd.nist.gov/vuln/detail/CVE-2019-5482 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-29 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. (CVE-2019-5436) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1 Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: curl security update Advisory ID: RHSA-2020:2505-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2505 Issue date: 2020-06-10 CVE Names: CVE-2019-5436 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: curl-7.29.0-54.el7_7.3.src.rpm x86_64: curl-7.29.0-54.el7_7.3.x86_64.rpm curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm libcurl-7.29.0-54.el7_7.3.i686.rpm libcurl-7.29.0-54.el7_7.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm libcurl-devel-7.29.0-54.el7_7.3.i686.rpm libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: curl-7.29.0-54.el7_7.3.src.rpm ppc64: curl-7.29.0-54.el7_7.3.ppc64.rpm curl-debuginfo-7.29.0-54.el7_7.3.ppc.rpm curl-debuginfo-7.29.0-54.el7_7.3.ppc64.rpm libcurl-7.29.0-54.el7_7.3.ppc.rpm libcurl-7.29.0-54.el7_7.3.ppc64.rpm libcurl-devel-7.29.0-54.el7_7.3.ppc.rpm libcurl-devel-7.29.0-54.el7_7.3.ppc64.rpm ppc64le: curl-7.29.0-54.el7_7.3.ppc64le.rpm curl-debuginfo-7.29.0-54.el7_7.3.ppc64le.rpm libcurl-7.29.0-54.el7_7.3.ppc64le.rpm libcurl-devel-7.29.0-54.el7_7.3.ppc64le.rpm s390x: curl-7.29.0-54.el7_7.3.s390x.rpm curl-debuginfo-7.29.0-54.el7_7.3.s390.rpm curl-debuginfo-7.29.0-54.el7_7.3.s390x.rpm libcurl-7.29.0-54.el7_7.3.s390.rpm libcurl-7.29.0-54.el7_7.3.s390x.rpm libcurl-devel-7.29.0-54.el7_7.3.s390.rpm libcurl-devel-7.29.0-54.el7_7.3.s390x.rpm x86_64: curl-7.29.0-54.el7_7.3.x86_64.rpm curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm libcurl-7.29.0-54.el7_7.3.i686.rpm libcurl-7.29.0-54.el7_7.3.x86_64.rpm libcurl-devel-7.29.0-54.el7_7.3.i686.rpm libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuETNtzjgjWX9erEAQgikBAAhYGp5wxFiu7hF3qvyO4xQFdMToHSFrmM Gsgmu1cw0hxq9Yk29MJ3t978tO1v9KGRy6q3pFCCnBlBTD81Jssa9cTYyuzJsf4u /aLgUkHOTlXV+pD/eziBWxtrKHGD2LbE+vUFlBoRgW6UZNrNvNkp+p9l18FSMi2j moXBVpwvoY4Vymdq0zfqzBNPOuBySzyAZ1qc3WNP+lb5xg6N7BIJAaeE+9bGgsfq IYDNZTY+uYR6tnfi/ESXAyF1wNmzVRNu/y+tOHrQwlE4vQFXOJLYosTCuyaDzJ8H pVnpP5Ru7XZGGclR5k3ri0LUtd3k37xnZ02FySMrkaiKQEGy2+u7XXkkfHc/ok76 p0uKGiN/+b6Sb1DIk14sgwEopYz8DYOFnh5TYfAgGdDOtfqrV3tXjGYRcCwNS302 BiQa39fW+tqB2QVVdjkTg28yNov/j70Kmn6GNmMX7aF/6VLJhudE2uby4qlAkzB3 OKPZ97bU2HwdcmjXKn05aqri91EbmEyQvT05aXF7+hR5MKpC0kvBrbZjvqAz0E5I WuIZsfan9Eh/Q9QVeE9N/4w8KGO4IxmRFMFYP6Hl7Le4kITsqDL6YDDjIUgCK1RW Q6jFa6sH6Az9r2bfxsm6LIY/d33HT2cvPxMNmz9MbukCmUt1EeWVZ1LkRteC2qy7 LbXQ0NlBXVw=PR1z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Additional Changes: This update also fixes several bugs and adds various enhancements. This advisory contains the following OpenShift Virtualization 2.4.0 images: RHEL-7-CNV-2.4 ============== kubevirt-ssp-operator-container-v2.4.0-71 RHEL-8-CNV-2.4 ============== virt-cdi-controller-container-v2.4.0-29 virt-cdi-uploadproxy-container-v2.4.0-29 hostpath-provisioner-container-v2.4.0-25 virt-cdi-operator-container-v2.4.0-29 kubevirt-metrics-collector-container-v2.4.0-18 cnv-containernetworking-plugins-container-v2.4.0-36 kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18 hostpath-provisioner-operator-container-v2.4.0-31 virt-cdi-uploadserver-container-v2.4.0-29 virt-cdi-apiserver-container-v2.4.0-29 virt-controller-container-v2.4.0-58 virt-cdi-cloner-container-v2.4.0-29 kubevirt-template-validator-container-v2.4.0-21 vm-import-operator-container-v2.4.0-21 kubernetes-nmstate-handler-container-v2.4.0-37 node-maintenance-operator-container-v2.4.0-27 virt-operator-container-v2.4.0-58 kubevirt-v2v-conversion-container-v2.4.0-23 cnv-must-gather-container-v2.4.0-73 virtio-win-container-v2.4.0-15 kubevirt-cpu-node-labeller-container-v2.4.0-19 ovs-cni-plugin-container-v2.4.0-37 kubevirt-vmware-container-v2.4.0-21 hyperconverged-cluster-operator-container-v2.4.0-70 virt-handler-container-v2.4.0-58 virt-cdi-importer-container-v2.4.0-29 virt-launcher-container-v2.4.0-58 kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17 virt-api-container-v2.4.0-58 ovs-cni-marker-container-v2.4.0-38 kubemacpool-container-v2.4.0-39 cluster-network-addons-operator-container-v2.4.0-38 bridge-marker-container-v2.4.0-39 vm-import-controller-container-v2.4.0-21 hco-bundle-registry-container-v2.3.0-497 3. Bugs fixed (https://bugzilla.redhat.com/): 1684772 - virt-launcher images do not have the edk2-ovmf package installed 1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency 1724978 - [RFE][v2v] Improve the way we display progress percent in UI 1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc 1727117 - [RFE] Reduce installed libvirt components 1780473 - Delete VM is hanging if the corresponding template does not exist anymore 1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue. 1789564 - Failed to allocate a SRIOV VF to VMI 1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent 1796342 - VM Failing to start since hard disk not ready 1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue) 1805044 - No mem/filesystem/Network Utilization in VM overview 1806288 - [CDI] fails to import images that comes from url that reject HEAD requests 1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version 1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable 1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state) 1816518 - [SSP] Common templates - template name under objects -> metadata -> labels should be identical to the template actual name 1817080 - node maintenance CRD is marked with NonStructuralSchema condition 1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object 1820651 - CDI import fails using block volume (available size -1) 1821209 - Debug log message looks unprofessional 1822079 - nmstate-handler fails to start and keeps restarting 1822315 - status.desiredState: doesn't pick the correct value and is null 1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace 1823699 - [CNV-2.4] Failing to deploy NetworkAddons 1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components 1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator 1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator 1827257 - VMs' connectivity is available even the two VMs are in different vlan 1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided 1829376 - VMs with blank block volumes fail to spin up 1830780 - virt-v2v-wrapper - 0% VM migration progress in UI 1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC 1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have 'RUNNING' state in cli 1832283 - [SSP operator] Common templates and template_validator are missing after clean installation 1832291 - SSP installation is successful even with some components missing 1832769 - [kubevirt version] is not reported correctly 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7 1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster 1834253 - VMs are stuck in Starting state 1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4 1835426 - [RFE] Provide a clear error message when VM and VMI name does not match 1836792 - [CNV deployment] kubevirt components are missing 1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours 1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model 1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs 1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up 1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults 1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory 1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest 1840652 - Upgrade indication is missing 1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation 1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter 1841505 - [CNV-2.4] virt-template-validator container fails to start 1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels 1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template 1843219 - node-labeller SCC is privileged, which appears too relaxed 1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined 1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled 1843519 - HCO CR is not listed when running "kubectl get all" from command line 1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed 1844057 - [CNV-2.4] cluster-network-addons-operator failing to start 1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator 1844907 - kubemacpool deployment status errors regarding replicas 1845060 - Node-labeller is in pending state when node doesn't have kvm device 1845061 - Version displayed in Container Native Virtualization OperatorHub side panel 1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created 1845557 - [CNV-2.4] template validator webhook fails with certification issues 1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting. 1845899 - [CNV-2.5] cluster-network-addons-operator failing to start 1845901 - Filesystem corruption related to smart clone 1847070 - vmi cannot be scheduled , qemu-kvm core dump 1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations 1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable 1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable 1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files 1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass 1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image. 1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping 1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller 1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod. 1850937 - kubemacpool fails in a specific order of components startup 1851856 - Deployment not progressing due to PriorityClass missing 1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV 1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible 1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment 1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable 1853373 - virtctl image-upload fails to upload an image if the dv name includes a "." 1854419 - [Re-brand] Align CSV 1854744 - To stabilize some tests I need to backport PRs which change production code 1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather 1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated. 1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY 1856979 - Domain notify errors break VMI migrations and graceful shutdown 5

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. Vijeo Citect and CitectSCADA There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SchneiderElectricAVEVAVijeoCitect and SchneiderElectricAVEVACitectSCADA are a set of data acquisition and monitoring systems (SCADA) software from Schneider Electric. A security vulnerability exists in SchneiderElectricAVEVAVijeoCitect and SchneiderElectricAVEVACitectSCADA that caused the program to fail to adequately protect the credentials. AVEVA Vijeo Citect and CitectSCADA are prone to an information-disclosure vulnerability. Attackers can exploit this issue to to obtain the sensitive information. The following products of AVEVA are vulnerable: Vijeo Citect 7.30 and 7.40 CitectSCADA 7.30 and 7.40. The following products and versions are affected: Schneider Electric AVEVA Vijeo Citect Version 7.30, Version 7.40; Schneider Electric AVEVA CitectSCADA Version 7.30, Version 7.40

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. TP-Link TL-WR840N The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The TP-LinkTL-WR840N is a wireless router from China Unicom (TP-Link). The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code

XG5000 is a software for programming and debugging of XGT / XGB series PLC. XG5000 has a dll hijacking vulnerability that can be used by an attacker to execute malicious code

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. The Century Star mo *** server has a heap overflow vulnerability. An attacker can remotely execute malicious code on the user system through an open protocol port, and finally gain control of the user system. CSMaker Development system and CSViewer Composition of the operating system

InotouchEditor is an HMI programming software produced by Shenzhen Huichuan Technology Co., Ltd. InotouchEditor has a memory corruption vulnerability when processing afs project files. Attackers can use this vulnerability to gain control of the user system or crash the program

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. There is a stack overflow vulnerability in the Fl *** method of the CenturyStar WebViewer.ocx control. An attacker can trick users who have installed this control to visit a malicious webpage, trigger a vulnerability, execute malicious code remotely on the user system, and finally gain control of the user system. CSMaker Development system and CSViewer Composition of the operating system