VARIoT IoT vulnerabilities database

VAR-190001-1122 | No CVE | Multiple Vulnerabilities in GE Energy D20/D200 Substation Controller TFTP Service |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The GE Energy D20/D200 Substation Controller has multiple security vulnerabilities that allow malicious users to disclose sensitive information and control devices. There is an unspecified error in the TFTP service, and a remote attacker can exploit the vulnerability to obtain sensitive information or execute arbitrary code. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
GE Energy D20/D200 Substation Controller TFTP Service Two
Vulnerabilities
SECUNIA ADVISORY ID:
SA47632
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47632/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47632
RELEASE DATE:
2012-01-20
DISCUSS ADVISORY:
http://secunia.com/advisories/47632/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47632/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47632
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in GE Energy D20/D200
Substation Controller, which can be exploited by malicious people to
disclose sensitive information and compromise a vulnerable device.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Reid Wightman via Digital Bond\x92s SCADA Security
Scientific Symposium (S4).
ORIGINAL ADVISORY:
ICS-CERT (ICS-ALERT-12-019-01):
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-019-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-0355 | No CVE | BroadWin WebAccess Client 'OcxSpool()' Method Memory Corruption Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
Advantech BroadWin is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) house arrest. The \"CloseFile()\" method (bwocxrun.ocx) has an error when the BroadWin WebAccess client handles opening a file descriptor. Passing an arbitrary integer value to the \"fpt\" method can cause memory corruption. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. BroadWin WebAccess Client is prone to multiple remote vulnerabilities, including:
1. A format-string vulnerability
2. Failed exploit attempts will likely result in denial-of-service conditions.
BroadWin WebAccess Client 7.0 is vulnerable; other verisons may also bea ffected. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
BroadWin WebAccess Client Bwocxrun ActiveX Control Multiple
Vulnerabilities
SECUNIA ADVISORY ID:
SA45820
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45820/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45820
RELEASE DATE:
2011-09-02
DISCUSS ADVISORY:
http://secunia.com/advisories/45820/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45820/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45820
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Luigi Auriemma has discovered multiple vulnerabilities in BroadWin
WebAccess Client, which can be exploited by malicious people to
compromise a user's system. Other versions may also be
affected.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/bwocxrun_1-adv.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201109-0170 | CVE-2011-3498 |
Progea Movicon/PowerHMI Heap Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0336 |
CVSS V2: 10.0 CVSS V3: - Severity: High |
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. When the software runs the project, it will listen to the 12233 port to process the special \"EIDP\" protocol, and submit a special \"EIDP\" message (the field is too large) through the WEB service to crash the service program. Movicon is an Italian HMI/SCADA software. When the software runs the project, it will listen to port 808 to receive the HTTP request. The server incorrectly processes the negative Content-Length field to trigger the heap-based buffer overflow. The memory can be destroyed by \"memcpy(heap_buffer, input, content_length_size)\". In addition, submitting an incoming HTTP request containing 8192 bytes can trigger a heap-based overflow. Movicon is prone to multiple heap-based buffer-overflow vulnerabilities and a denial-of-service vulnerability.
Movicon 11.2 Build 1085 is vulnerable; other versions may also be affected
VAR-201109-0171 | CVE-2011-3499 |
Progea Movicon/PowerHMI Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0336 |
CVSS V2: 10.0 CVSS V3: - Severity: High |
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location. When the software runs the project, it will listen to the 12233 port to process the special \"EIDP\" protocol, and submit a special \"EIDP\" message (the field is too large) through the WEB service to crash the service program. Movicon is an Italian HMI/SCADA software. When the software runs the project, it will listen to port 808 to receive the HTTP request. The server incorrectly processes the negative Content-Length field to trigger the heap-based buffer overflow. The memory can be destroyed by \"memcpy(heap_buffer, input, content_length_size)\". In addition, submitting an incoming HTTP request containing 8192 bytes can trigger a heap-based overflow. Movicon is prone to multiple heap-based buffer-overflow vulnerabilities and a denial-of-service vulnerability.
Movicon 11.2 Build 1085 is vulnerable; other versions may also be affected
VAR-201109-0184 | CVE-2011-3491 |
Progea Movicon/PowerHMI Heap Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0336 |
CVSS V2: 10.0 CVSS V3: - Severity: High |
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field. When the software runs the project, it will listen to the 12233 port to process the special \"EIDP\" protocol, and submit a special \"EIDP\" message (the field is too large) through the WEB service to crash the service program. Movicon is an Italian HMI/SCADA software. When the software runs the project, it will listen to port 808 to receive the HTTP request. The memory can be destroyed by \"memcpy(heap_buffer, input, content_length_size)\". In addition, submitting an incoming HTTP request containing 8192 bytes can trigger a heap-based overflow. Movicon is prone to multiple heap-based buffer-overflow vulnerabilities and a denial-of-service vulnerability.
Movicon 11.2 Build 1085 is vulnerable; other versions may also be affected
VAR-201109-0179 | CVE-2011-3486 |
TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0023 |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read. Beckhoff TwinCAT is a PC-based software solution that provides complete CNC functionality. TwinCAT is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
TwinCAT 2.11 R2 Build 2032 is vulnerable. Other versions may also be affected
VAR-201109-0182 | CVE-2011-3489 |
RSLogix Remote Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0578 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RSLinx Classic connects RSLogix and RSNetWorx products to Rockwell Automation networks and devices, and is also an OPC server. RsvcHost.exe and RNADiagReceiver.exe listen to 4446 and other ports. Rockwell RSLogix is a programming software for industrial automation. An attacker could exploit this vulnerability to execute arbitrary code for an attack. RSLogix is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
RSLogix 5000 is vulnerable. Other versions may also be affected. A buffer overflow vulnerability exists in RnaUtility.dll in RsvcHost.exe version 2.30.0.23 of Rockwell RSLogix 19 and earlier
VAR-190001-0595 | No CVE | H3C ER5100 Authentication Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The H3C ER5100 is an enterprise-class dual-core broadband router. The H3C ER5100 Enterprise Broadband Router web management page has a verification vulnerability. Unauthorized visitors can modify, restart, and view most system configurations. The H3C ER5100 is prone to a remote authentication-bypass vulnerability.
Attackers can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. ----------------------------------------------------------------------
Frost & Sullivan 2011 Report: Secunia Vulnerability Research
\"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies.
Read the report here:
http://secunia.com/products/corporate/vim/fs_request_2011/
----------------------------------------------------------------------
TITLE:
H3C ER5100 Router Web Interface Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA44969
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44969/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44969
RELEASE DATE:
2011-06-23
DISCUSS ADVISORY:
http://secunia.com/advisories/44969/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/44969/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44969
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
128bit has reported a vulnerability in H3C ER5100 Router, which can
be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
mechanism of the administrative web interface. This can be exploited
to bypass authentication checks and gain access to the administrative
interface by e.g. appending "userLogin.asp" to the URL.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
128bit
ORIGINAL ADVISORY:
http://www.wooyun.org/bugs/wooyun-2010-02268
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-0244 | No CVE | Barracuda Backup Service Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Barracuda Backup Service is a network backup solution. Barracudas Backup v2.x has multiple persistent input validation vulnerabilities, local low privileged user accounts or remote attackers (using user interaction) can implement/inject malicious persistent script code (Java/HTML) that can lead to sensitive information disclosure , access the intranet available server and operate part of the content. Affected Module: [+] E-Mail Message Browser - Filter[+] Expressions[+] Exclsuion Rules Image: ../ive1.png../ive2.png../ive3.png../ive4.png. Barracuda Backup Service is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML or script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible
VAR-190001-0838 | No CVE | SAP WebAS Malicious SAP Shortcut Generates Remote Command Injection Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
SAP Web Application Server (sometimes called WebAS) is the runtime environment for SAP applications - all mySAP Business Suite solutions (SRM, CRM, SCM, PLM, ERP) run on SAP WebAS. The SAP Web Application Server provides access to multiple services through the WEB engine, namely the SAP Internet Communication Framework (ICM). The SHORTCUT ICF service is a dangerous feature that can be performed anonymously by third-party programs for client attacks on end users. In addition, this service includes a parameter injection vulnerability that allows the attacker to gain further control over the system. There are currently no detailed details of the vulnerability provided. SAP WebAS is prone to a remote command injection vulnerability
An attacker can exploit this issue inject arbitrary commands into the affected application and take over the generation of SAP shortcuts
VAR-190001-0709 | No CVE | D-Link DNS-320 ShareCenter Authentication Mechanism Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DNS-320 is a storage device for small business users. D-Link ShareCenter DNS-320 manages the authentication mechanism of the WEB interface. It can be used to bypass the verification check and perform shutdown or restart operations. D-Link DNS-320 ShareCenter is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to connect to the affected device without authentication. This may aid in further attacks.
D-Link DNS-320 ShareCenter firmware 2.00b06 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
D-Link ShareCenter DNS-320 Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA47070
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47070/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47070
RELEASE DATE:
2011-12-08
DISCUSS ADVISORY:
http://secunia.com/advisories/47070/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47070/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47070
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in D-Link ShareCenter DNS-320,
which can be exploited by malicious people to bypass certain security
restrictions. This can be exploited
to bypass authentication checks and e.g. restart or shutdown the
device.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
rigan
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201108-0083 | CVE-2011-2402 | HP Network Automation Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: Medium |
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform cross-site scripting attacks that allow attackers to obtain sensitive information or hijack user sessions.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS).
References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The patch is available here: http://support.openview.hp.com/selfsolve/patches
Upgrade to HP Network Automation v9.10
Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081)
HISTORY
Version:1 (rev.1) - 28 July 2011 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4xdeMACgkQ4B86/C0qfVntSwCdF4drR9sS5wJ4+kFmIYfnv4NJ
7QcAn13pc8sXX/aSZf4FHCfx+7aFUpQw
=v+ei
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
HP Network Automation Cross-Site Scripting and SQL Injection
Vulnerabilities
SECUNIA ADVISORY ID:
SA45454
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45454/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45454
RELEASE DATE:
2011-07-30
DISCUSS ADVISORY:
http://secunia.com/advisories/45454/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45454/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45454
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in HP Network Automation,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.
1) Certain unspecified input is not properly sanitised before being
returned to the user.
2) Certain unspecified input is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
The vulnerabilities reported in versions 7.2x, 7.5x, 7.6x, 9.0, and
9.10.
SOLUTION:
Update to version 9.10 and apply patch 1 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02693 SSRT100583:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201108-0084 | CVE-2011-2403 |
HP Network Automation In SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201107-0314 |
CVSS V2: 6.5 CVSS V3: - Severity: Medium |
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform SQL injection attacks, allowing attackers to obtain sensitive information or manipulate databases.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS).
References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Automation v7.2x, v7.5x, v7.6x, v9.0, v9.10
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-2402 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2011-2403 (AV:N/AC:L/Au:S/C:C/I:C/A:C) 9.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided a patch to resolve the vulnerabilities for HP Network Automation v9.10. The patch is available here: http://support.openview.hp.com/selfsolve/patches
Upgrade to HP Network Automation v9.10
Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081)
HISTORY
Version:1 (rev.1) - 28 July 2011 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4xdeMACgkQ4B86/C0qfVntSwCdF4drR9sS5wJ4+kFmIYfnv4NJ
7QcAn13pc8sXX/aSZf4FHCfx+7aFUpQw
=v+ei
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
HP Network Automation Cross-Site Scripting and SQL Injection
Vulnerabilities
SECUNIA ADVISORY ID:
SA45454
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45454/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45454
RELEASE DATE:
2011-07-30
DISCUSS ADVISORY:
http://secunia.com/advisories/45454/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45454/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45454
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in HP Network Automation,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
The vulnerabilities reported in versions 7.2x, 7.5x, 7.6x, 9.0, and
9.10.
SOLUTION:
Update to version 9.10 and apply patch 1 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02693 SSRT100583:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201202-0282 | CVE-2012-1008 |
OfficeSIP Server Input Validation Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201202-0193 |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
OfficeSIP Server There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.By a third party SIP INVITE Cleverly crafted in the message To Service disruption via header ( Daemon crash ) There is a possibility of being put into a state. A vulnerability exists in the OfficeSIP Server version 3.1.
Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions
VAR-201201-0168 | CVE-2011-4057 | Wibu-Systems CodeMeter remote denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.
Wibu-Systems CodeMeter versions prior to 4.40 are affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
CodeMeter Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA47497
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47497/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
RELEASE DATE:
2012-01-12
DISCUSS ADVISORY:
http://secunia.com/advisories/47497/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47497/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in CodeMeter, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error. No further
information is currently available.
SOLUTION:
Update to version 4.40.
ORIGINAL ADVISORY:
JVN:
http://jvn.jp/en/jp/JVN78901873/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201406-0031 | CVE-2011-4821 | D-Link DIR-601 TFTP Server Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. The D-Link DIR-601 is a wireless router device. The attacker performs the WAN interface monitored by the TFTP server without authentication. D-Link DIR-601 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to gain access to system and other configuration files.
D-Link DIR-601 1.02NA is vulnerable; other versions may be affected. ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating
Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
----------------------------------------------------------------------
TITLE:
2X ApplicationServer TuxSystem ActiveX Control "ExportSettings()"
Insecure Method
SECUNIA ADVISORY ID:
SA47657
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47657/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47657
RELEASE DATE:
2012-02-03
DISCUSS ADVISORY:
http://secunia.com/advisories/47657/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47657/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47657
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Andrea Micalizzi has discovered a vulnerability in 2X
ApplicationServer TuxSystem ActiveX Control, which can be exploited
by malicious people to manipulate certain data.
The vulnerability is caused due to the TuxSystem ActiveX control
(TuxScripting.dll) providing an insecure "ExportSettings()" method,
which can be exploited to create or overwrite arbitrary files in the
context of the currently logged-on user.
The vulnerability is confirmed in version 10.1 Build 1224.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
Andrea Micalizzi (rgod) via Secunia.
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
SOLUTION:
Disable the TFTP service
VAR-201112-0253 | CVE-2011-4860 | NOE 771 device ComputePassword Function Information Disclosure Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. A remote attacker can gain access by means of (1) ARP request information or (2) Neighbor Solicitation information. The firmware provided by Schneider Schneider Electric Quantum Ethernet Module has a hard-coded problem. The built-in hard-coded authentication credentials can be used to access the following services: Telnet port, allowing remote attackers to view the operation of the module firmware, perform denial of service, modify the module memory, execute Arbitrary code. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Ethernet Modules Undocumented Account Security
Issues
SECUNIA ADVISORY ID:
SA47019
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47019/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47019
RELEASE DATE:
2011-12-14
DISCUSS ADVISORY:
http://secunia.com/advisories/47019/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47019/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47019
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Ruben Santamarta has reported some security issues in multiple
Schneider Electric modules, which can be exploited by malicious
people to bypass certain security restrictions.
1) The Telnet service contains undocumented hardcoded credentials,
which can be exploited to gain access to the service and e.g. modify
module's memory and execute arbitrary code.
2) The Windriver Debug service contains undocumented hardcoded
credentials, which can be exploited to gain access to the service and
e.g. modify module's memory and execute arbitrary code.
3) The FTP service contains undocumented hardcoded credentials, which
can be exploited to gain access to the service and e.g. modify HTTP
passwords and upload malicious firmware.
Please see the ICS-CERT's advisory for a list of affected products
and versions.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
Ruben Santamarta
ORIGINAL ADVISORY:
Ruben Santamarta:
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-1072 | No CVE | D-Link DAP-1150 Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DAP-1150 is a wireless access device. D-Link DAP-1150 has a cross-site request forgery vulnerability that allows an attacker to build a malicious link, entice a logged-in user to resolve, and perform various administrative operations in the target user context. D-Link DAP-1150 is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected
VAR-190001-0402 | No CVE | Trend Micro DataArmor/DriveArmor Pre-Boot Local Privilege Escalation Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Trend Micro DataArmor/DriveArmor is a data protection application. Trend Micro DataArmor/DriveArmor pre-boot has a security vulnerability that allows a local attacker to execute arbitrary code in the login user context and gain access to the DataArmor Recovery Console.
Attackers with physical access to the affected system can exploit this issue to escalate privileges and perform unauthorized actions
VAR-190001-0356 | No CVE | Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks.
CodeMeter 4.30c is affected; other versions may also be vulnerable