VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202206-0838 CVE-2022-32255 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-1033 CVE-2022-31309 WAVLINK AERIAL X 1200M Information Disclosure Vulnerability (CNVD-2022-61032) CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. The vulnerability originates from improper authorization management on the live_check.shtml page
VAR-202206-1186 CVE-2022-21125 Microsoft Windows Information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统. Microsoft Windows存在安全漏洞。该漏洞源于Intel处理器存在安全问题。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 7) - noarch, x86_64 3. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security fixes: * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) * moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129) * nodejs16: CRLF injection in node-undici (CVE-2022-31150) * nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151) * vm2: Sandbox Escape in vm2 (CVE-2022-36067) Bug fixes: * RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540) * vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766) * cluster update status is stuck, also update is not even visible (BZ# 2079418) * Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486) * Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490) * ACM Console Becomes Unusable After a Time (BZ# 2097464) * RHACM 2.4.6 images (BZ# 2100613) * Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436) * ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495) 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this update: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel-rt security and bug fix update Advisory ID: RHSA-2022:6437-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6437 Issue date: 2022-09-13 CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125) * Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 8): Source: kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm x86_64: kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm Red Hat Enterprise Linux Real Time (v. 8): Source: kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm x86_64: kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21123 https://access.redhat.com/security/cve/CVE-2022-21125 https://access.redhat.com/security/cve/CVE-2022-21166 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYyCCBtzjgjWX9erEAQiMVxAAj4C0/6TQ/Wts6/PsnA7c4EJbxOzcjnSf bdJSktu0TYTmpmiZI1tZ22LbABATshxGKqzz15bFGQlIE+wHSDxN8NF86XPmdNCF Yqi8g2YZDLeKd02ggzE8ZOcjuSdkAT09qaTP9AusbQububoCFv/dR4v0UZ3+Mpk2 Bhe1VumtyZVHt4ps06dRVthVCt4HJdPEEOFmoCE4kg+ij6x626dvRuLWFbUclhHe qg+5JOBLJx9UCMHMS5X7qrdySfLw6xrqX0QM18ElmCTtnfJ03FQjzw6j6F0gV17a xGqDhJJbYby4Uhqe0eNPG5P01UW+8aWyXIxtpuG/uCJ0oC65j4yXpG136fuztx1a R+7c2xYeuZ1qrNvYsJDecYtgDwlSuhWJ/S+snlYAgB4HJ6ouHPx2Y0SYu2Xznm/2 fNj5oV13UioCVvTptBU6dI6ByX8qalq0fIbt+lb5M23vu+zlpMs6b80u3pekC7uR 3PM9Udb59P9wIcwDlS1v9jSyO/4B3maCh6vtjpdGDBUIbbOSE5E9S7zTR4vHFzhI ji5EcEHGpBz615xVGi/fSzudyR/2yjzqjazhkX5dYEZ5kOBtOOeAxTIgAQ3yhjt2 +ZFPoA9cSGTxR3AhZU+lnggpod97b8rD3IqCuz2PetsRoikUTQSIRiKBlp058FAt /NJdeWcHmjI=t/FA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360) * RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144) * ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823) * [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625) * System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315) * [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs (BZ#2126215) * [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491) * RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874) * Enable check-kabi (BZ#2132372) * Add symbols to stablelist (BZ#2132373) * Update RHEL9.1 kabi tooling (BZ#2132380) * kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464) * [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589) * crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523) * FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552) * [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354) * [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355) * kernel memory leak while freeing nested actions (BZ#2137356) * ovs: backports from upstream (BZ#2137358) * kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095) * [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214) * Fix panic in nbd/004 test (BZ#2139535) * Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141) * [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142169) 4. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. ========================================================================== Ubuntu Security Notice USN-5535-1 July 28, 2022 Intel Microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. (CVE-2021-0145) Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges. (CVE-2021-0146) It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-0127) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123, CVE-2022-21127) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21151) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information. (CVE-2021-33117) Brandon Miller discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information or a remote attacker could use this to cause a denial of service (system crash). (CVE-2021-33120) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: intel-microcode 3.20220510.0ubuntu0.16.04.1+esm1 In general, a standard system update will make all the necessary changes
VAR-202206-0840 CVE-2022-32258 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-1063 CVE-2021-37182 Vulnerability related to insufficient data integrity verification in multiple Siemens products CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. SCALANCE XM-408-4C firmware, scalance xm408-4c l3 firmware, SCALANCE XM-408-8C Multiple Siemens products such as firmware contain vulnerabilities related to insufficient data integrity verification.Service operation interruption (DoS) It may be in a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs)
VAR-202206-0842 CVE-2022-32252 Siemens SINEMA Remote Connect Server Data forgery problem vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-0837 CVE-2022-32259 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-1244 CVE-2022-31308 WAVLINK AERIAL X 1200M Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. The vulnerability is caused by improper authorization management on the live_mfg.shtml page
VAR-202206-1079 CVE-2022-21127 Microsoft Windows Security hole CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统. Microsoft Windows 存在安全漏洞,该漏洞源于 Intel 部分处理器存在安全问题。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). (CVE-2021-0127). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5178-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : intel-microcode CVE ID : CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21151 CVE-2022-21166 Debian Bug : 1010947 This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities. CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 Various researchers discovered flaws in Intel processors, collectively referred to as MMIO Stale Data vulnerabilities, which may result in information leak to local users. For the oldstable distribution (buster), these problems have been fixed in version 3.20220510.1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 3.20220510.1~deb11u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmLFiNRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QsfQ/7BFnYhmBMr5u1iyXJY79QkOuBFij/I7N5doGb/5m/LTbUOKgHKlI3XKqr NHbWZWQZVO7gexkZIdGSY2RnCtVS1oNkKxNzuFVxkPjbsRpJJBAyPqoY6JogDjhM 18jXAyZqB5tfZdGohiHBeVDsQwP5M3IPTdG2USoLOwcwd5+BK8ZgdrLrREDHo9mA +VJU8fhGRpdminz5MR2NPenu5jgG2JVKAhFRC8ioy92umF/5c/C6wRAyQsRid4lZ i+lzWAOQbUzvUGlomDrjqtSEn0fVQR2A0VoU+5AQnln8fODQmSLOHo/Ti00RuUUL 8WLfrKnfimXvTWnUeWKLCnHIRCbzLBfPa1EPbCagkD7XDkcYd+MWLm0C6RhUvBPN p3U9AbWstO4z2RjldX1DYUVeCR5zQqBT6pAY6G14MqIvuqrAodi9p0jgjOchdCUZ Hv4H6b0F7QusCZrj1onfe4//CG5AmN0D8E/QKCKNBplJmciVg2o/8R0hTfaKDK8v NhUYBkEWnG0zUlo93Qkapqc00j5i7cbXKbzRV3zPa42WtypoS8yd/tftZ6y7yBpa lHZOAVcfdDcN7jm9U9ZV3tVCCs3Cu5wb3ZYoYyhfEZBpEgCQ7YEEPQffTq9Y3LMN 4IUiKp8LINReMEEfV8My7PB2fX8dvti2lEQ/pJfAC/XKNoassd0= =8N2y -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5535-1 July 28, 2022 Intel Microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. (CVE-2021-0145) Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges. (CVE-2021-0146) It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-0127) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123, CVE-2022-21127) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information. (CVE-2021-33117) Brandon Miller discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information or a remote attacker could use this to cause a denial of service (system crash). (CVE-2021-33120) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: intel-microcode 3.20220510.0ubuntu0.16.04.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5535-1 CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33117, CVE-2021-33120, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21151, CVE-2022-21166
VAR-202206-0839 CVE-2022-27221 Siemens SINEMA Remote Connect Server Security feature vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-0836 CVE-2022-32261 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-1187 CVE-2022-30937 Siemens EN100 Ethernet module Buffer error vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition
VAR-202206-1110 CVE-2022-31845 WAVLINK WN535 G3 Information Disclosure Vulnerability (CNVD-2022-61034) CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. WAVLINK WN535 G3 is a wireless router from China WAVLINK company. There is an information disclosure vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927. The vulnerability is caused by improper authorization management on the live_check.shtml page
VAR-202206-1138 CVE-2022-31311 WAVLINK AERIAL X 1200M Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. WAVLINK AERIAL X 1200M is a WiFi extender from China WAVLINK company. An attacker can use this vulnerability to execute arbitrary commands
VAR-202206-1219 CVE-2022-27668 plural  SAP  Fraudulent Authentication Vulnerability in Products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. SAP NetWeaver AS ABAP , netweaver as abap krnl64nuc , netweaver as abap krnl64uc etc. multiple SAP The product contains an incorrect authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202206-0845 CVE-2022-32254 Siemens SINEMA Remote Connect Server Log information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Attackers can use this vulnerability to obtain sensitive information of users
VAR-202206-0844 CVE-2022-32253 Siemens SINEMA Remote Connect Server Input validation error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-0885 CVE-2022-26476 Siemens Spectrum Power Trust Management Issue Vulnerability CVSS V2: 5.4
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges
VAR-202206-0841 CVE-2022-32262 Siemens SINEMA Remote Connect Server Command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants
VAR-202206-0974 CVE-2022-31734 Cisco Catalyst 2940  series   Cross-site scripting vulnerability in Switch CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. (CWE-79) Vulnerability exists. This vulnerability is 2011 Released in the year 12.2(50)SY Is being dealt with (Cisco bug id: CSCek36997) .. In addition, the product 2015 A year End-of-Support It has become. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer