SCALANCE XB205-3LD (SC, PN) Security Vulnerabilities

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.....

OCS Inventory NG 2.3.0.0 - Unquoted Service Path

...

OCS Inventory NG 2.3.0.0 - Unquoted Service Path Vulnerability

...

Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path

...

Wondershare Filmora 12.2.9.2233 - Unquoted Service Path

...

Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Vulnerability

...

Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Multiple Vulnerabilities (TNS-2023-18)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 or 6.0.0 and and is therefore affected by multiple vulnerabilities in PHP prior to version 8.0.28 / 8.1.16 / 8.2.3: - In PHP 8.0.X before 8.0.28, 8.1.X before...

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1 Arnie Cabral Mon, 04/24/2023 - 11:47 Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain...

File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

...

Katana - A Next-Generation Crawling And Spidering Framework

A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features...

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary App Connect Professional have addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be...

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation

...

Nmap-API - Uses Python3.10, Debian, python-Nmap, And Flask Framework To Create A Nmap API That Can Do Scans With A Good Speed Online And Is Easy To Deploy

Uses python3.10, Debian, python-Nmap, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating. API Reference Get all items GET...

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Welcome to this week's edition of the Threat Source newsletter. Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals. On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums,...

Siemens SCALANCE X-200, X-200IRT, and X-300 Switch Families BadAlloc Vulnerabilities

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation Vulnerabilities

File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate...

Siemens SCALANCE and SIMATIC Uncontrolled Resource Consumption (CVE-2019-19301)

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT,...

Siemens SCALANCE X Expected Behavior Violation (CVE-2019-6569)

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime...

Siemens SCALANCE Products Improper Adherence to Coding Standards (CVE-2019-10927)

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a...

Siemens SCALANCE X Switches Protection Mechanism Failure (CVE-2019-13924)

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-20...

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...

ESET Service 16.0.26.0 Unquoted Service Path

...

ESET Service 16.0.26.0 - (Service ekrn) Unquoted Service Path Vulnerability

...

ActFax 10.10 Unquoted Service Path

...

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

...

ActFax 10.10 - Unquoted Path Services Vulnerability

...

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

...

Wondershare Dr Fone 12.9.6 - Privilege Escalation

...

Wondershare Dr Fone 12.9.6 - Privilege Escalation Vulnerability

...

Industrial Control Links ScadaFlex II SCADA Controllers

EXECUTIVE SUMMARY **CVSS v3 9.1 ** ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation...

Siemens SCALANCE and RUGGEDCOM Devices Stack-Based Buffer Overflow (CVE-2021-25667)

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All vers...

Splashtop 8.71.12001.0 Unquoted Service Path

...

HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

...

Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path

...

Chromacam 4.0.3.0 Unquoted Service Path

...

Microsoft Exchange Active Directory Topology 15.02.1118.007 - Service MSExchangeADTopology Unquoted

...

Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path Vulnerability

...