VARIoT IoT vulnerabilities database
| VAR-202206-0838 | CVE-2022-32255 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-1033 | CVE-2022-31309 | WAVLINK AERIAL X 1200M Information Disclosure Vulnerability (CNVD-2022-61032) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. The vulnerability originates from improper authorization management on the live_check.shtml page
| VAR-202206-1186 | CVE-2022-21125 | Microsoft Windows Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统.
Microsoft Windows存在安全漏洞。该漏洞源于Intel处理器存在安全问题。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system. 7) - noarch, x86_64
3. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security fixes:
* golang: crypto/tls: session tickets lack random ticket_age_add
(CVE-2022-30629)
* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
* nodejs16: CRLF injection in node-undici (CVE-2022-31150)
* nodejs/undici: Cookie headers uncleared on cross-origin redirect
(CVE-2022-31151)
* vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)
* vSphere network name doesn't allow entering spaces and doesn't reflect
YAML changes (BZ# 2074766)
* cluster update status is stuck, also update is not even visible (BZ#
2079418)
* Policy that creates cluster role is showing as not compliant due to
Request entity too large message (BZ# 2088486)
* Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ#
2089490)
* ACM Console Becomes Unusable After a Time (BZ# 2097464)
* RHACM 2.4.6 images (BZ# 2100613)
* Cluster Pools with conflicting name of existing clusters in same
namespace fails creation and deletes existing cluster (BZ# 2102436)
* ManagedClusters in Pending import state after ACM hub migration (BZ#
2102495)
3. Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing
4. Bugs fixed (https://bugzilla.redhat.com/):
2041540 - RHACM 2.4 using deprecated APIs in managed clusters
2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
2079418 - cluster update status is stuck, also update is not even visible
2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message
2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2097464 - ACM Console Becomes Unusable After a Time
2100613 - RHACM 2.4.6 images
2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
2102495 - ManagedClusters in Pending import state after ACM hub migration
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici
2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: kernel-rt security and bug fix update
Advisory ID: RHSA-2022:6437-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6437
Issue date: 2022-09-13
CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* Incomplete cleanup of multi-core shared buffers (aka SBDR)
(CVE-2022-21123)
* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
(CVE-2022-21125)
* Incomplete cleanup in specific special register write operations (aka
DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT
source tree to keep source parity between the two kernels. (BZ#2111112)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
6. Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source:
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm
x86_64:
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source:
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm
x86_64:
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYyCCBtzjgjWX9erEAQiMVxAAj4C0/6TQ/Wts6/PsnA7c4EJbxOzcjnSf
bdJSktu0TYTmpmiZI1tZ22LbABATshxGKqzz15bFGQlIE+wHSDxN8NF86XPmdNCF
Yqi8g2YZDLeKd02ggzE8ZOcjuSdkAT09qaTP9AusbQububoCFv/dR4v0UZ3+Mpk2
Bhe1VumtyZVHt4ps06dRVthVCt4HJdPEEOFmoCE4kg+ij6x626dvRuLWFbUclhHe
qg+5JOBLJx9UCMHMS5X7qrdySfLw6xrqX0QM18ElmCTtnfJ03FQjzw6j6F0gV17a
xGqDhJJbYby4Uhqe0eNPG5P01UW+8aWyXIxtpuG/uCJ0oC65j4yXpG136fuztx1a
R+7c2xYeuZ1qrNvYsJDecYtgDwlSuhWJ/S+snlYAgB4HJ6ouHPx2Y0SYu2Xznm/2
fNj5oV13UioCVvTptBU6dI6ByX8qalq0fIbt+lb5M23vu+zlpMs6b80u3pekC7uR
3PM9Udb59P9wIcwDlS1v9jSyO/4B3maCh6vtjpdGDBUIbbOSE5E9S7zTR4vHFzhI
ji5EcEHGpBz615xVGi/fSzudyR/2yjzqjazhkX5dYEZ5kOBtOOeAxTIgAQ3yhjt2
+ZFPoA9cSGTxR3AhZU+lnggpod97b8rD3IqCuz2PetsRoikUTQSIRiKBlp058FAt
/NJdeWcHmjI=t/FA
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
.
Bug Fix(es):
* sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)
* RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is
triggered while running forkoff. (BZ#2109144)
* ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95:
lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed
(BZ#2112823)
* [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4
seq_read_iter+0x124/0x4b0 (BZ#2122625)
* System crashes due to list_add double add at
iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)
* [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded
LVM RAID and IO process hangs (BZ#2126215)
* [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X
vectors (BZ#2126491)
* RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports
(BZ#2127874)
* Enable check-kabi (BZ#2132372)
* Add symbols to stablelist (BZ#2132373)
* Update RHEL9.1 kabi tooling (BZ#2132380)
* kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)
* [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot
(BZ#2133553)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105
ex_handler_fprestore+0x3f/0x50 (BZ#2134589)
* crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as
.fips_allowed = 1 (BZ#2136523)
* FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)
* [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)
* [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)
* kernel memory leak while freeing nested actions (BZ#2137356)
* ovs: backports from upstream (BZ#2137358)
* kernel should conform to FIPS-140-3 requirements (both parts)
(BZ#2139095)
* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12.
(BZ#2139214)
* Fix panic in nbd/004 test (BZ#2139535)
* Nested KVM is not working on RHEL 8.6 with hardware error 0x7
(BZ#2140141)
* [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems
(BZ#2142169)
4. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5. ==========================================================================
Ubuntu Security Notice USN-5535-1
July 28, 2022
Intel Microcode vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Intel Microcode.
Software Description:
- intel-microcode: Processor microcode for Intel CPUs
Details:
Joseph Nuzman discovered that some Intel processors did not properly
initialise shared resources. A local attacker could use this to obtain
sensitive information. (CVE-2021-0145)
Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel
processors did not prevent test and debug logic from being activated at
runtime. A local attacker could use this to escalate
privileges. (CVE-2021-0146)
It was discovered that some Intel processors did not implement sufficient
control flow management. A local attacker could use this to cause a denial
of service (system crash). (CVE-2021-0127)
It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123,
CVE-2022-21127)
It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)
Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that
some Intel processors improperly optimised security-critical code. A local
attacker could possibly use this to expose sensitive
information. (CVE-2022-21151)
It was discovered that some Intel processors did not properly perform
cleanup during specific special register write operations. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)
It was discovered that some Intel processors did not properly restrict
access in some situations. A local attacker could use this to obtain
sensitive information. (CVE-2021-33117)
Brandon Miller discovered that some Intel processors did not properly
restrict access in some situations. A local attacker could use this to
obtain sensitive information or a remote attacker could use this to
cause a denial of service (system crash). (CVE-2021-33120)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
intel-microcode 3.20220510.0ubuntu0.16.04.1+esm1
In general, a standard system update will make all the necessary changes
| VAR-202206-0840 | CVE-2022-32258 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-1063 | CVE-2021-37182 | Vulnerability related to insufficient data integrity verification in multiple Siemens products |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. SCALANCE XM-408-4C firmware, scalance xm408-4c l3 firmware, SCALANCE XM-408-8C Multiple Siemens products such as firmware contain vulnerabilities related to insufficient data integrity verification.Service operation interruption (DoS) It may be in a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs)
| VAR-202206-0842 | CVE-2022-32252 | Siemens SINEMA Remote Connect Server Data forgery problem vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-0837 | CVE-2022-32259 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-1244 | CVE-2022-31308 | WAVLINK AERIAL X 1200M Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. The vulnerability is caused by improper authorization management on the live_mfg.shtml page
| VAR-202206-1079 | CVE-2022-21127 | Microsoft Windows Security hole |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统.
Microsoft Windows 存在安全漏洞,该漏洞源于 Intel 部分处理器存在安全问题。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). (CVE-2021-0127). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5178-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 06, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : intel-microcode
CVE ID : CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21151
CVE-2022-21166
Debian Bug : 1010947
This update ships updated CPU microcode for some types of Intel CPUs and
provides mitigations for security vulnerabilities.
CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166
Various researchers discovered flaws in Intel processors,
collectively referred to as MMIO Stale Data vulnerabilities, which
may result in information leak to local users.
For the oldstable distribution (buster), these problems have been fixed
in version 3.20220510.1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 3.20220510.1~deb11u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmLFiNRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QsfQ/7BFnYhmBMr5u1iyXJY79QkOuBFij/I7N5doGb/5m/LTbUOKgHKlI3XKqr
NHbWZWQZVO7gexkZIdGSY2RnCtVS1oNkKxNzuFVxkPjbsRpJJBAyPqoY6JogDjhM
18jXAyZqB5tfZdGohiHBeVDsQwP5M3IPTdG2USoLOwcwd5+BK8ZgdrLrREDHo9mA
+VJU8fhGRpdminz5MR2NPenu5jgG2JVKAhFRC8ioy92umF/5c/C6wRAyQsRid4lZ
i+lzWAOQbUzvUGlomDrjqtSEn0fVQR2A0VoU+5AQnln8fODQmSLOHo/Ti00RuUUL
8WLfrKnfimXvTWnUeWKLCnHIRCbzLBfPa1EPbCagkD7XDkcYd+MWLm0C6RhUvBPN
p3U9AbWstO4z2RjldX1DYUVeCR5zQqBT6pAY6G14MqIvuqrAodi9p0jgjOchdCUZ
Hv4H6b0F7QusCZrj1onfe4//CG5AmN0D8E/QKCKNBplJmciVg2o/8R0hTfaKDK8v
NhUYBkEWnG0zUlo93Qkapqc00j5i7cbXKbzRV3zPa42WtypoS8yd/tftZ6y7yBpa
lHZOAVcfdDcN7jm9U9ZV3tVCCs3Cu5wb3ZYoYyhfEZBpEgCQ7YEEPQffTq9Y3LMN
4IUiKp8LINReMEEfV8My7PB2fX8dvti2lEQ/pJfAC/XKNoassd0=
=8N2y
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-5535-1
July 28, 2022
Intel Microcode vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Intel Microcode.
Software Description:
- intel-microcode: Processor microcode for Intel CPUs
Details:
Joseph Nuzman discovered that some Intel processors did not properly
initialise shared resources. A local attacker could use this to obtain
sensitive information. (CVE-2021-0145)
Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel
processors did not prevent test and debug logic from being activated at
runtime. A local attacker could use this to escalate
privileges. (CVE-2021-0146)
It was discovered that some Intel processors did not implement sufficient
control flow management. A local attacker could use this to cause a denial
of service (system crash). (CVE-2021-0127)
It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123,
CVE-2022-21127)
It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)
Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that
some Intel processors improperly optimised security-critical code. A local
attacker could possibly use this to expose sensitive
information. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)
It was discovered that some Intel processors did not properly restrict
access in some situations. A local attacker could use this to obtain
sensitive information. (CVE-2021-33117)
Brandon Miller discovered that some Intel processors did not properly
restrict access in some situations. A local attacker could use this to
obtain sensitive information or a remote attacker could use this to
cause a denial of service (system crash). (CVE-2021-33120)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
intel-microcode 3.20220510.0ubuntu0.16.04.1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5535-1
CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33117,
CVE-2021-33120, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127,
CVE-2022-21151, CVE-2022-21166
| VAR-202206-0839 | CVE-2022-27221 | Siemens SINEMA Remote Connect Server Security feature vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-0836 | CVE-2022-32261 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-1187 | CVE-2022-30937 | Siemens EN100 Ethernet module Buffer error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition
| VAR-202206-1110 | CVE-2022-31845 | WAVLINK WN535 G3 Information Disclosure Vulnerability (CNVD-2022-61034) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK WN535 G3 is a wireless router from China WAVLINK company.
There is an information disclosure vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927. The vulnerability is caused by improper authorization management on the live_check.shtml page
| VAR-202206-1138 | CVE-2022-31311 | WAVLINK AERIAL X 1200M Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. An attacker can use this vulnerability to execute arbitrary commands
| VAR-202206-1219 | CVE-2022-27668 | plural SAP Fraudulent Authentication Vulnerability in Products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. SAP NetWeaver AS ABAP , netweaver as abap krnl64nuc , netweaver as abap krnl64uc etc. multiple SAP The product contains an incorrect authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0845 | CVE-2022-32254 | Siemens SINEMA Remote Connect Server Log information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Attackers can use this vulnerability to obtain sensitive information of users
| VAR-202206-0844 | CVE-2022-32253 | Siemens SINEMA Remote Connect Server Input validation error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-0885 | CVE-2022-26476 | Siemens Spectrum Power Trust Management Issue Vulnerability |
CVSS V2: 5.4 CVSS V3: 8.8 Severity: HIGH |
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges
| VAR-202206-0841 | CVE-2022-32262 | Siemens SINEMA Remote Connect Server Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
| VAR-202206-0974 | CVE-2022-31734 | Cisco Catalyst 2940 series Cross-site scripting vulnerability in Switch |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. (CWE-79) Vulnerability exists. This vulnerability is 2011 Released in the year 12.2(50)SY Is being dealt with (Cisco bug id: CSCek36997) .. In addition, the product 2015 A year End-of-Support It has become. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer