VARIoT IoT vulnerabilities database

Siemens SIMATIC is an automation software in a single engineering environment. The challenge-response protocol used by SIEMENS SIMATIC S7 PLC for online verification has security vulnerabilities that allow attackers in border networks to intercept TCP/IP communications and then obtain challenge-response data from files for password brute force hacking. Siemens SIMATIC S7 Programmable Logic Controllers (PLC) systems are prone to a password-disclosure vulnerability. Attackers can exploit this issue to obtain device password credentials. This may aid in further attacks

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. The mechanism sent to the PLC via the Modbus command does not require authentication, allowing the attacker to send these messages to perform stop operations, modify I/O data, and so on. Schneider Electric Products are prone to multiple security vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user's session; other attacks are also possible. Note: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. The following Schneider Electric products are affected: BMX NOE 0110 Modicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA52189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 RELEASE DATE: 2013-02-14 DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page. Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100 SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais. ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Such as modifying the HTTP authentication credentials. Schneider Electric Products are prone to multiple security vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user's session; other attacks are also possible. Note: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. The following Schneider Electric products are affected: BMX NOE 0110 Modicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA52189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 RELEASE DATE: 2013-02-14 DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page. Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100 SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais. ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. Successful exploits may allow an attacker to cause a crash, resulting in a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCtc59462

Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741. The problem is Bug ID CSCuc42812 and CSCuc88741 It is a problem.Malformed by a third party H.225 , H.323 ,and IPv4 Service disruption via packets (( Device reload ) There is a possibility of being put into a state. Successful exploits may allow an attacker to trigger a reload on the device. A sustained denial-of-service condition can also arise due to repeated attacks. This issue is being tracked by Cisco bug ID CSCuc42812. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability SECUNIA ADVISORY ID: SA51897 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51897 RELEASE DATE: 2013-01-16 DISCUSS ADVISORY: http://secunia.com/advisories/51897/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51897/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51897 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when inspecting H.323 packets and can be exploited to trigger a reload via a specially crafted packet sent through the device. Successful exploitation requires that H.323 inspection is enabled (enabled by default). The vulnerability is reported in versions 8.7.1 and 8.7.1.1. SOLUTION: Update to version 8.7.1.3. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Trimble Infrastructure GNSS Series Receivers is a GPS satellite receiver. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Trimble NetRS Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA51859 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51859/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51859 RELEASE DATE: 2013-01-16 DISCUSS ADVISORY: http://secunia.com/advisories/51859/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51859/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51859 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Deloitte has reported a vulnerability in Trimble NetRS, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in firmware versions prior to 1.3-2. SOLUTION: Update to firmware version 1.3-2. PROVIDED AND/OR DISCOVERED BY: Fara Rustein, Deloitte. ORIGINAL ADVISORY: Trimble: http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf DTTAR-20130001: http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCzu81067

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. The problem is Bug ID CSCuc65775 It is a problem.Service disruption by remotely authenticated user ( Device crash ) There is a possibility of being put into a state. An authenticated attacker can exploit this issue to cause a crash, denying service to legitimate users. Cisco Adaptive Security Appliances (ASA) 8.4 is vulnerable; other versions may also be affected. This issue is being tracked by Cisco Bug ID CSCuc65775. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Adaptive Security Appliance CIFS UNC Handling Denial of Service Vulnerability SECUNIA ADVISORY ID: SA51955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51955 RELEASE DATE: 2013-01-28 DISCUSS ADVISORY: http://secunia.com/advisories/51955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling CIFS UNC input and can be exploited to cause a crash. The vulnerability is reported in version 8.4. SOLUTION: Contact the vendor for patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6395 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. A local attacker can exploit this issue to crash the system, resulting in denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCuc81669. The vulnerability is caused by the program not interacting with the kernel properly

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. The problem is Bug ID CSCub67989 It is a problem.Unspecified by a third party Conductor A meeting may be created via a request. Successful exploits may allow an attacker to bypass intended security restrictions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCub67989. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. A remote attacker could exploit this vulnerability to create a conference through an unidentified Conductor request

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. Attackers can exploit this vulnerability to bypass certain security restrictions, perform unauthorized actions; which may aid in further attacks

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation Products, Ethernet There is a vulnerability that allows arbitrary code to be executed due to improper authentication when updating firmware.A third party may be able to execute arbitrary code via a Trojan update image. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation The product contains a buffer overflow vulnerability.Malformed by a third party CIP Service disruption via packets (CPU Crashes and communication outages ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation The product contains a buffer overflow vulnerability.Malformed by a third party CIP Service disruption via packets (NIC Crashes and communication outages ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. Siemens SIMATIC RF Manager is an RFID reader engineering and configuration tool. The Siemens SIMATIC RF Manager ActiveX control is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Siemens SIMATIC is an automation software with a single engineering environment. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC RF Manager ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA51845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51845 RELEASE DATE: 2013-01-14 DISCUSS ADVISORY: http://secunia.com/advisories/51845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC RF Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in an unspecified ActiveX control and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in RF-MANAGER 2008 and RF-MANAGER Basic versions 3.0 and prior. SOLUTION: Patch is available by contacting vendor support (see the vendor's advisory for more details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-099741.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Rockwell Automation MicroLogix is a programmable controller platform. attack. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. When sending specially crafted CIP packets to ports 2222/TCP, Port 2222/UDP, Port 44818/TCP, and Port 44818/UDP, this vulnerability can cause buffer overflow , causing the NIC to deny service

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.   Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation Product has a service disruption ( Stop control and communication ) There is a vulnerability that becomes a condition.By a third party (1) Setting, or (2) Falsify network parameters CIP Service disruption via message ( Stop control and communication ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. TL-WR841N Contains an information disclosure vulnerability. TP-LINK Provided by TL-WR841N The web interface has a problem with parameter analysis processing and an information disclosure vulnerability.A configuration file for the product may be obtained by a third party that has access to the product's web interface. The TP-LINK TL-WR841N Router is a wireless router device. TP-LINK TL-WR841N router is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. This may aid in further attacks. TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n is vulnerable; other versions may also be affected

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation Product has a service disruption ( Stop control and communication ) There is a vulnerability that becomes a condition.Trigger reset by a third party CIP Service disruption via message ( Stop control and communication ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users