VARIoT IoT vulnerabilities database

VAR-201204-0173 | CVE-2012-0221 | Rockwell Automation Allen-Bradley FactoryTalk Input validation vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201201-0167 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. Rockwell Automation is a provider of industrial automation, control and information technology solutions. Rockwell Automation FactoryTalk Activation Server RNADiagReceiver has errors in processing packets. Submitting a packet containing more than 2000 bytes to UDP port 4445 can result in no subsequent connections.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
VAR-201204-0174 | CVE-2012-0222 | Rockwell Automation Allen-Bradley FactoryTalk Buffer Overflow Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201201-0167 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. Rockwell Automation is a provider of industrial automation, control and information technology solutions. Rockwell Automation FactoryTalk Activation Server RNADiagReceiver has errors in processing packets. Submitting a packet containing more than 2000 bytes to UDP port 4445 can result in no subsequent connections.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
VAR-201201-0146 | CVE-2012-0929 | Schneider Electric Modicon Quantum Multiple Security Vulnerabilities |
Related entries in the VARIoT exploits database: VAR-E-201201-0278 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. Schneider Electric Modicon Quantum is an automated control platform with a full range of complete processors for complex process control and infrastructure. (2) There is a backdoor account that allows access to the system with user or administrator privileges. (5) There is also a cross-site scripting attack. Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including:
1. A remote code-execution vulnerability.
2. Multiple buffer-overflow vulnerabilities.
3. A security-bypass vulnerability.
4. A cross site-scripting vulnerability.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.
TITLE:
Schneider Electric Modicon Quantum Cross-Site Scripting and Buffer
Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA47723
VERIFY ADVISORY:
http://secunia.com/advisories/47723/
RELEASE DATE:
2012-01-23
DESCRIPTION:
Multiple vulnerabilities have been reported in Schneider Electric
Modicon Quantum Series Modules, which can be exploited by malicious
people to conduct cross-site scripting attacks and cause a DoS
(Denial of Service).
1) Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Ruben Santamarta via Digital Bond's SCADA Security
Scientific Symposium (S4).
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
VAR-201210-0491 | CVE-2012-0227 | ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. OPC Systems.NET is a .NET product for SCADA, HMI. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected.
VAR-190001-0886 | No CVE | Toshiba e-Studio Device Password Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Toshiba e-STUDIO is an all-in-one machine from Toshiba. Password information can be obtained from the HTML source code of various configuration pages, such as http://IP Address/TopAccess/Administrator/Setup/ScanToFile/List.htm, which contains: <td nowrap> Password <input ID="Password3" type="password" value="Password1" onfocus="if (this.disable) this.blur();" maxlength="32"> This password information can be used to access the file server, LDAP system, etc. Toshiba e-Studio Devices is prone to an information-disclosure vulnerability that exposes sensitive information.
Successful exploits will allow unauthenticated attackers to obtain sensitive information from the device, such as an administrative password, which may aid in further attacks.
VAR-201210-0531 | CVE-2011-5217 | Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. A security vulnerability exists in Hitachi JP1/ServerConductor/DeploymentManager that allows malicious users to obtain sensitive information. The DeploymentManager PXE Mtftp service has an input validation error. Hitachi JP1/ServerConductor/DeploymentManager is prone to a directory-traversal vulnerability. Other attacks may also be possible.
TITLE:
Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal
Vulnerability
SECUNIA ADVISORY ID:
SA47221
VERIFY ADVISORY:
http://secunia.com/advisories/47221/
RELEASE DATE:
2011-12-15
DESCRIPTION:
A vulnerability has been reported in Hitachi
JP1/ServerConductor/DeploymentManager, which can be exploited by
malicious people to disclose sensitive information.
SOLUTION:
Please see the vendor's advisory for fix information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (HS11-026):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html
VAR-190001-0488 | No CVE | Multiple IP Camera Products 'productmaker' Account Unauthorized Access Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Trendnet TV-IP422W, iPUX ICS1033, Digicom IP CAMERA 100W are IP camera products. These products include an undocumented account "productmaker" that uses a default password, which allows an attacker to access the web or Telnet interface and perform command injection attacks. Multiple IP cameras are prone to an unauthorized access vulnerability.
Successful exploits will allow a remote attacker to gain unauthorized access to the affected device.
VAR-190001-1101 | No CVE | D-Link ShareCenter Product Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
D-Link ShareCenter is a network storage device. D-Link ShareCenter does not properly verify access to existing CGI scripts (/cgi directory). Attackers can access the following resources to obtain the device model and firmware version: http://<device IP address>/cgi-bin/Discovery.cgi and http://<device IP address>/cgi-bin/system_mgr.cgi?cmd=get_firm_v_xml. Another undocumented feature allows arbitrary commands to be executed, such as: http://<device IP address>/cgi-bin/system_mgr.cgi?cmd=cgi_sms_test. D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities.
Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
The following products are affected:
D-Link DNS-320 ShareCenter
D-Link DNS-325 ShareCenter
VAR-190001-1159 | No CVE | SEL-2032 Communications Processor Denial of Service Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The SEL-2032 Communications Processor is a communications processor used by Schneider. The SEL-2032 Communications Processor SCADA remote terminal unit uses the plain text protocol for password verification. In addition, the attacker can crash the service program through telnet and port 1024/TCP. An attacker could exploit a vulnerability to perform a denial of service attack on a service or obtain sensitive information to bypass security restrictions. SEL-2032 Communications Processor is prone to a denial-of-service vulnerability and a security-bypass vulnerability.
Attackers can exploit these issues to perform denial-of-service attacks or gain unauthorized access to the affected device.
TITLE:
SEL-2032 Communications Processor Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA47739
VERIFY ADVISORY:
http://secunia.com/advisories/47739/
RELEASE DATE:
2012-01-23
DESCRIPTION:
A vulnerability has been reported in SEL-2032 Communications
Processor, which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to an unspecified error when
processing certain packets and can be exploited to crash the device.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Dillon Beresford via Digital Bond's SCADA Security
Scientific Symposium (S4).
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-04.pdf
VAR-201112-0343 | CVE-2011-4615 | Zabbix Multiple cross-site scripting vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: "</options><script>alert('XSS')</script> Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.
ZABBIX 1.8.5 is vulnerable; other versions may also be affected.
TITLE:
Zabbix Two Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA47216
VERIFY ADVISORY:
http://secunia.com/advisories/47216/
RELEASE DATE:
2011-12-16
DESCRIPTION:
Multiple vulnerabilities have been reported in Zabbix, which can be
exploited by malicious users to conduct script insertion attacks.
Successful exploitation of this vulnerability requires access rights
to modify "host group" names.
2) Certain unspecified input to the profiler is not properly
sanitised before being used.
The vulnerabilities are reported in version 1.8.5.
SOLUTION:
Fixed in version 1.8.10rc.
PROVIDED AND/OR DISCOVERED BY:
1) Martina Matari within a Zabbix bug report.
2) Reported by the vendor.
ORIGINAL ADVISORY:
Zabbix:
http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
VAR-201112-0115 | CVE-2011-5027 | Zabbix Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: "</options><script>alert('XSS')</script> Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.
ZABBIX 1.8.5 is vulnerable; other versions may also be affected.
TITLE:
Zabbix Two Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA47216
VERIFY ADVISORY:
http://secunia.com/advisories/47216/
RELEASE DATE:
2011-12-16
DESCRIPTION:
Multiple vulnerabilities have been reported in Zabbix, which can be
exploited by malicious users to conduct script insertion attacks.
Successful exploitation of this vulnerability requires access rights
to modify "host group" names.
2) Certain unspecified input to the profiler is not properly
sanitised before being used.
The vulnerabilities are reported in version 1.8.5.
SOLUTION:
Fixed in version 1.8.10rc.
PROVIDED AND/OR DISCOVERED BY:
1) Martina Matari within a Zabbix bug report.
2) Reported by the vendor.
ORIGINAL ADVISORY:
Zabbix:
http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
VAR-201112-0156 | CVE-2011-4033 | TeeChart ActiveX Control Buffer Overflow Denial of Service Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. TeeChart Pro ActiveX is a full-featured graphical charting tool for business, science, engineering and statistics. TeeChart ActiveX control is prone to a remote denial-of-service vulnerability because of a buffer-overflow error.
Attackers can exploit this issue to crash an application using the vulnerable control, which causes a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
http://secunia.com/advisories/47046/
RELEASE DATE:
2011-11-29
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
VAR-201112-0158 | CVE-2011-4035 | Schneider Electric Vijeo Historian Web Server Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vijeo Historian, CitectHistorian, and CitectSCADA Reports are prone to a cross-site-scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following applications are vulnerable:
Vijeo Historian V4.30 and earlier
CitectHistorian V4.30 and earlier
CitectSCADA Reports V4.10 and earlier.
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
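The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.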
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
VAR-201112-0157 | CVE-2011-4034 | Schneider Electric Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. TeeChart Pro ActiveX is a full-featured graphical charting tool for business, science, engineering and statistics. TeeChart ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition.
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
VAR-201112-0159 | CVE-2011-4036 | Schneider Electric Vijeo Historian Web Server Unknown directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Vijeo Historian, CitectHistorian, and CitectSCADA Reports are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
The following applications are vulnerable:
Vijeo Historian V4.30 and earlier
CitectHistorian V4.30 and earlier
CitectSCADA Reports V4.10 and earlier.
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
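The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.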
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
VAR-190001-0079 | No CVE | Linksys WAG54GS Wireless Router Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Linksys WAG54GS Wireless Router is a wireless router device. A cross-site request forgery vulnerability exists in the Linksys WAG54GS Wireless Router. Because the program fails to properly validate user-submitted requests, an attacker can build a malicious URI, trick a user into opening it, and run privileged commands on the device, such as changing the configuration, performing a denial of service attack, or injecting arbitrary script code. Other attacks are also possible.
Linksys WAG54GS running firmware 1.01.03 is vulnerable.
VAR-201201-0266 | CVE-2011-4870 | Invensys Wonderware InBatch of ActiveX Control buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. Multiple stack-based buffer overflow vulnerabilities exist in Invensys Wonderware InBatch. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application that uses the ActiveX controls (usually Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
VAR-190001-0875 | No CVE | Advantech BroadWin WebAccess Remote code execution vulnerability |
CVSS V2: 7.0 CVSS V3: - Severity: HIGH |
Advantech BroadWin is a fully browser-based Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software package. A security vulnerability exists in the WebAccess web service provided by Advantech BroadWin WebAccess software, which allows remote attackers to execute arbitrary code or cause a denial of service by submitting a specially crafted RPC request to TCP port 4592 or 14592. Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions.
VAR-190001-0219 | No CVE | Siemens SIMATIC S7-300 Hardcoded Certificate Security Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
A hard-coded certificate security bypass vulnerability exists in Siemens SIMATIC S7-300. A remote attacker could exploit the vulnerability to access an affected device.
VAR-201107-0258 | CVE-2011-2958 | Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. Because the application fails to sufficiently sanitize user-supplied data, an attacker can exploit these vulnerabilities to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Ecava IntegraXor versions prior to 3.60.4080 are vulnerable.
TITLE:
IntegraXor Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA44321
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44321/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44321
RELEASE DATE:
2011-08-03
DESCRIPTION:
A vulnerability has been reported in IntegraXor, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Update to version 3.60 Build 4080.
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher via ICS CERT.
ORIGINAL ADVISORY:
IntegraXor:
http://www.integraxor.com/blog/security-issue-xss-vulnerability-note
ICS CERT (ICSA-11-147-02):
http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf