VARIoT IoT vulnerabilities database
| VAR-201206-0355 | CVE-2012-2038 | Flash Player issue in implementations of the Same Origin Policy |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Flash Player contains an issue in implementations of the Same Origin Policy. SoundMixer.computeSpectrum() method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may obtain sound spectrum data that user playing in violation of the same-origin policy. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Attackers can exploit this vulnerability to obtain sensitive information by bypassing expected access restrictions with unknown vectors.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0357 | CVE-2012-2040 | Adobe Flash Player and Adobe AIR Vulnerability that can be obtained by the right installer |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201206-0356 | CVE-2012-2039 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0352 | CVE-2012-2035 | Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0362 | CVE-2012-2034 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.5 Severity: HIGH |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. This vulnerability CVE-2012-2037 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201208-0291 | CVE-2012-4355 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA of TCPIPS_Story.dll Contains a vulnerability that allows arbitrary code execution. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0290 | CVE-2012-4354 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in TCPIPS_Story.dll in versions of Sielco Sistemi Winlog Pro prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0289 | CVE-2012-4353 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0288 | CVE-2012-4359 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.18 and versions prior to Winlog Lite SCADA 2.07.18. The vulnerability stems from the unverified ‘realloc’ function return value. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0287 | CVE-2012-4358 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. The vulnerability stems from the unverified ‘realloc’ function return value. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0286 | CVE-2012-4357 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Arbitrary code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in array indexes in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0285 | CVE-2012-4356 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Multiple Directory Traversal Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. For opening files Opcode 0x78 and .. ( Dot dot ) Port number with pathname including 46824 To TCP packet For reading files Opcode (1) 0x96 , (2) 0x97 , (3) 0x98 Port number with 46824 To TCP packet. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Read file operations to read any file. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0072 | CVE-2012-2596 |
Siemens WinCC of Web Application XPath Vulnerability to read settings in function
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to 'XML injection' attacks.
The vulnerability is caused due to an input sanitisation error within
the DiagAgent web server and can be exploited to cause a buffer
overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. This can be exploited to redirect a user to an
arbitrary website e.g. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0115 | CVE-2012-3003 |
Siemens WinCC of Web Application open redirect vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a security hole in implementation. An attacker could exploit a vulnerability to redirect a user to a malicious site. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within
the DiagAgent web server and can be exploited to cause a buffer
overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web
applications is not properly sanitised before being used to construct
a XPath query for XML data. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g. read or write
certain system settings.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0071 | CVE-2012-2595 |
Siemens WinCC Cross-Site Scripting Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within
the DiagAgent web server and can be exploited to cause a buffer
overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web
applications is not properly sanitised before being used to construct
a XPath query for XML data. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g. read or write
certain system settings.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. This can be exploited to redirect a user to an
arbitrary website e.g. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0509 | No CVE | IIJ SEIL Multiple Product Security Bypass Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Multiple SEIL products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass the security mechanisms built into an affected device. This may aid in further attacks.
Note: Successful exploitation requires HTTP-Proxy is set and 'Application-Gateway' is enabled.
The following products are vulnerable:
SEIL/x86 1.00 through 2.35
SEIL/X1 2.30 through 3.75
SEIL/X2 2.30 through 3.75
SEIL/B1 2.30 through 3.75
| VAR-201206-0410 | CVE-2012-2632 | SEIL series fail to restrict access permissions |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session. SEIL series contain an issue where access permissions are not restricted. SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted.An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL filter. The SEIL Router is a router from Japan's SEIL vendors. A security vulnerability exists in the SEIL Router that allows malicious users to bypass some security restrictions. There is an error in the HTTP-Proxy/Gateway function provided by the router. To successfully exploit the vulnerability, you need to set HTTP-Proxy and enable \"Application-Gateway\". SEIL routers are routers produced by SEIL manufacturers in Japan. A successful attack requires setting up an HTTP proxy and enabling an "Application Gateway". ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
SEIL Routers HTTP-Proxy/Gateway Functionality Security Bypass
Vulnerability
SECUNIA ADVISORY ID:
SA49365
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49365/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49365
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49365/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49365/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49365
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in SEIL routers, which can be
exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error within the
HTTP-Proxy/Gateway functionality and can be exploited to e.g.
The vulnerability is reported in the following products and
versions:
* SEIL/x86 firmware versions 1.00 through 2.35.
* SEIL/X1 firmware versions 2.30 through 3.75.
* SEIL/X2 firmware versions 2.30 through 3.75.
* SEIL/B1 firmware versions 2.30 through 3.75.
SOLUTION:
Update to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
SEIL:
http://www.seil.jp/support/security/a01232.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0073 | CVE-2012-2597 |
Siemens WinCC Directory Traversal Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. WinCC flexible is a human-machine interface for use in some machine or process applications. An attacker can exploit the vulnerability to read arbitrary files. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within
the DiagAgent web server and can be exploited to cause a buffer
overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web
applications is not properly sanitised before being used to construct
a XPath query for XML data. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g. read or write
certain system settings.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. This can be exploited to redirect a user to an
arbitrary website e.g. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0074 | CVE-2012-2598 |
Siemens WinCC Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a buffer overflow vulnerability in implementation. An attacker could exploit the vulnerability to cause a denial of service. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web
applications is not properly sanitised before being used to construct
a XPath query for XML data. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g. read or write
certain system settings.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. This can be exploited to redirect a user to an
arbitrary website e.g. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0183 | CVE-2012-3815 |
Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. There is a security hole in Winlog Pro/lite. Winlog Pro/lite has an input validation error. Unauthorized users can send special requests to the TCP 46824 port to access the read system files. Winlog Lite is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------