VARIoT IoT vulnerabilities database
VAR-201210-0491 | CVE-2012-0227 | ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. OPC Systems.NET is a .NET product for SCADA, HMI. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected
VAR-190001-0886 | No CVE | Toshiba e-Studio Device Password Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Toshiba e-STUDIO is an all-in-one machine from Toshiba. Password information can be obtained from the HTML source code of various configuration pages, such as: http://IP Address/TopAccess/Administrator/Setup/ScanToFile/List.htm<td nowrap\">\"> Password <input ID=\342\200\235Password3\342\200\262\342\200\262 type = \"password\" value=\342\200\235Password1\342\200\235 onfocus=\342\200\235 if (this.disable) this.blur();\342\200\235 maxlength=\342\200\23532\342\200\235 Use these password information to access the file server, LDAP system, etc. Toshiba e-Studio Devices is prone to an information-disclosure vulnerability that exposes sensitive information.
Successful exploits will allow unauthenticated attackers to obtain sensitive information from the device, such as an administrative password, which may aid in further attacks
VAR-201210-0531 | CVE-2011-5217 | Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. A security vulnerability exists in Hitachi JP1/ServerConductor/DeploymentManager that allows malicious users to obtain sensitive information. The DeploymentManager PXE Mtftp service has an input validation error. Hitachi JP1/ServerConductor/DeploymentManager is prone to a directory-traversal vulnerability. Other attacks may also be possible. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal
Vulnerability
SECUNIA ADVISORY ID:
SA47221
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47221/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47221
RELEASE DATE:
2011-12-15
DISCUSS ADVISORY:
http://secunia.com/advisories/47221/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47221/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47221
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Hitachi
JP1/ServerConductor/DeploymentManager, which can be exploited by
malicious people to disclose sensitive information.
SOLUTION:
Please see the vendor's advisory for fix information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (HS11-026):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-0488 | No CVE | Multiple IP Camera Products 'productmaker' Account Unauthorized Access Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Trendnet TV-IP422W, iPUX ICS1033, Digicom IP CAMERA 100W are IP camera products. These products include an undocumented account \"productmaker\" that uses the default password, which allows an attacker to access the WEB or Telnet interface and command injection attacks. Multiple IP cameras are prone to an unauthorized access vulnerability.
Successful exploits will allow a remote attacker to gain unauthorized access to the affected device
VAR-190001-1101 | No CVE | D-Link ShareCenter Product Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
D-Link ShareCenter is a network storage device. D-Link ShareCenter does not perform proper verification check on accessing existing CGI scripts (/cgi directory). Attackers can access the following resources to obtain the device model and firmware version: http://<device IP address>/cgi-bin/ Discovery.cgihttp://<device IP address>/cgi-bin/system_mgr.cgi?cmd=get_firm_v_xml Another undocumented feature allows arbitrary commands to be executed, such as: http://<device IP address>/cgi-bin/system_mgr .cgi?cmd=cgi_sms_test. D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities.
Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
The following products are affected:
D-Link DNS-320 ShareCenter
D-Link DNS-325 ShareCenter
VAR-190001-1159 | No CVE | SEL-2032 Communications Processor Denial of Service Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The SEL-2032 Communications Processor is a communications processor used by Schneider. The SEL-2032 Communications Processor SCADA remote terminal unit uses the plain text protocol for password verification. In addition, the attacker can crash the service program through telnet and port 1024/TCP. An attacker could exploit a vulnerability to perform a denial of service attack on a service or obtain sensitive information to bypass security restrictions. SEL-2032 Communications Processor is prone to a denial-of-service vulnerability and a security-bypass vulnerability.
Attackers can exploit these issues to perform denial-of-service attacks or gain unauthorized access to the affected device. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
SEL-2032 Communications Processor Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA47739
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47739/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47739
RELEASE DATE:
2012-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/47739/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47739/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47739
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in SEL-2032 Communications
Processor, which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to an unspecified error when
processing certain packets and can be exploited to crash the device.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Dillon Beresford via Digital Bond\x92s SCADA Security
Scientific Symposium (S4).
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-04.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0343 | CVE-2011-4615 | Zabbix Multiple cross-site scripting vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: \"</options><script>alert( 'XSS')</script> Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.
ZABBIX 1.8.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Zabbix Two Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA47216
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47216/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
RELEASE DATE:
2011-12-16
DISCUSS ADVISORY:
http://secunia.com/advisories/47216/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47216/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Zabbix, which can be
exploited by malicious users to conduct script insertion attacks.
Successful exploitation of this vulnerability requires access rights
to modify "host group" names.
2) Certain unspecified input to the profiler is not properly
sanitised before being used.
The vulnerabilities are reported in version 1.8.5.
SOLUTION:
Fixed in version 1.8.10rc.
PROVIDED AND/OR DISCOVERED BY:
1) Martina Matari within a Zabbix bug report.
2) Reported by the vendor.
ORIGINAL ADVISORY:
Zabbix:
http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0115 | CVE-2011-5027 | Zabbix Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: \"</options><script>alert( 'XSS')</script> Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.
ZABBIX 1.8.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Zabbix Two Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA47216
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47216/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
RELEASE DATE:
2011-12-16
DISCUSS ADVISORY:
http://secunia.com/advisories/47216/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47216/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Zabbix, which can be
exploited by malicious users to conduct script insertion attacks.
Successful exploitation of this vulnerability requires access rights
to modify "host group" names.
2) Certain unspecified input to the profiler is not properly
sanitised before being used.
The vulnerabilities are reported in version 1.8.5.
SOLUTION:
Fixed in version 1.8.10rc.
PROVIDED AND/OR DISCOVERED BY:
1) Martina Matari within a Zabbix bug report.
2) Reported by the vendor.
ORIGINAL ADVISORY:
Zabbix:
http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0156 | CVE-2011-4033 | TeeChart ActiveX Control Buffer Overflow Denial of Service Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. TeeChart Pro ActiveX is a full-featured graphical charting tool for business, science, engineering and statistics. TeeChart ActiveX control is prone to a remote denial-of-service vulnerability because of a buffer-overflow error.
Attackers can exploit this issue to crash an application using the vulnerable control, which causes a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DISCUSS ADVISORY:
http://secunia.com/advisories/47046/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47046/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0158 | CVE-2011-4035 | Schneider Electric Vijeo Historian Web Server Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vijeo Historian, CitectHistorian, and CitectSCADA Reports are prone to a cross-site-scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following applications are vulnerable:
Vijeo Historian V4.30 and earlier
CitectHistorian V4.30 and earlier
CitectSCADA Reports V4.10 and earlier. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DISCUSS ADVISORY:
http://secunia.com/advisories/47046/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47046/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0157 | CVE-2011-4034 | Schneider Electric Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. TeeChart Pro ActiveX is a full-featured graphical charting tool for business, science, engineering and statistics. TeeChart ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition. If the attack fails, it may lead to denial of service. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DISCUSS ADVISORY:
http://secunia.com/advisories/47046/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47046/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user.
3) Certain unspecified input passed to the web portal is not properly
verified before being used to read files and can be exploited to
disclose arbitrary files via directory traversal attacks.
The vulnerabilities are reported in the following products:
* Vijeo Historian version 4.30 and prior.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0159 | CVE-2011-4036 | Schneider Electric Vijeo Historian Web Server Unknown directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Vijeo Historian, CitectHistorian, and CitectSCADA Reports are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
The following applications are vulnerable:
Vijeo Historian V4.30 and earlier
CitectHistorian V4.30 and earlier
CitectSCADA Reports V4.10 and earlier. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47046
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47046/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
RELEASE DATE:
2011-11-29
DISCUSS ADVISORY:
http://secunia.com/advisories/47046/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47046/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47046
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in multiple Schneider
Electric products, which can be exploited by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a user's system.
1) Two errors in the TeeChart ActiveX control can be exploited to
cause buffer overflows. No further information is currently
available.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
* CitectHistorian version 4.30 and prior.
* CitectSCADA Reports version 4.10 and prior.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Kuang-Chun Hung, Security Research and Service
Institute Information and Communication Security Technology Center
(ICST) via ICS-CERT.
ORIGINAL ADVISORY:
Schneider Electric:
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-0079 | No CVE | Linksys WAG54GS Wireless Router Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Linksys WAG54GS Wireless Router is a wireless router device. A cross-site request forgery vulnerability exists in the Linksys WAG54GS Wireless Router. Because the program fails to properly validate user-submitted requests, an attacker can build a malicious URI, trick the user into parsing, and run privileged commands on the device, such as changing the configuration, performing a denial of service attack, or injecting arbitrary script code. Other attacks are also possible.
Linksys WAG54GS running firmware 1.01.03 is vulnerable
VAR-201201-0266 | CVE-2011-4870 | Invensys Wonderware InBatch of ActiveX Control buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. Invensys Wonderware InBatch Server and runtime client (1) GUIControls , (2) BatchObjSrv ,and (3) BatchSecCtrl ActiveX The control contains a buffer overflow vulnerability. This vulnerability CVE-2011-3141 Is a different vulnerability.A third party may execute arbitrary code through an excessively long string of property values. Multiple stack-based buffer overflow vulnerabilities exist in Invensys Wonderware inBatch. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application that uses ActiveX controls (usually Internet Explorer), which could result in a denial of service. Failed exploit attempts will result in a denial-of-service condition. Failure to do so may result in a denial of service
VAR-190001-0875 | No CVE | Advantech BroadWin WebAccess Remote code execution vulnerability |
CVSS V2: 7.0 CVSS V3: - Severity: HIGH |
Advantech BroadWin is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) house arrest. A security vulnerability exists in the WebAccess web service provided by Advantech BroadWin WebAccess software, which is used by remote attackers to submit arbitrary code or denial of service attacks by submitting a specially crafted RPC request to TCP port 4592 or 14592. Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions
VAR-190001-0219 | No CVE | Siemens SIMATIC S7-300 Hardcoded Certificate Security Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
A hard-coded certificate security bypass vulnerability exists in Siemens SIMATIC S7-300. A remote attacker could exploit the vulnerability to access an affected device
VAR-201107-0258 | CVE-2011-2958 | Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application lacks filtering of user-submitted data, an attacker exploits a vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an uninformed user's browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Ecava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
IntegraXor Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA44321
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44321/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44321
RELEASE DATE:
2011-08-03
DISCUSS ADVISORY:
http://secunia.com/advisories/44321/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/44321/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44321
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in IntegraXor, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Update to version 3.60 Build 4080.
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher via ICS CERT.
ORIGINAL ADVISORY:
IntegraXor:
http://www.integraxor.com/blog/security-issue-xss-vulnerability-note
ICS CERT (ICSA-11-147-02):
http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201112-0027 | CVE-2011-0291 | Research In Motion BlackBerry PlayBook Vulnerabilities that can be used to acquire privileges in tablet software |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive. The BlackBerry PlayBook Tablet is a tablet from BlackBerry. This service is used for file sharing on a tablet with a computer running BlackBerry desktop software via a USB connection. This vulnerability cannot be used by remote attackers, but can increase privileges.
Local attackers can exploit this issue to gain elevated privileges on affected tablets. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
BlackBerry Tablet OS File Sharing Service Security Bypass
Vulnerability
SECUNIA ADVISORY ID:
SA47132
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47132/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47132
RELEASE DATE:
2011-12-07
DISCUSS ADVISORY:
http://secunia.com/advisories/47132/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47132/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47132
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in BlackBerry Tablet OS, which can
be exploited by malicious, local users to bypass certain security
restrictions.
The vulnerability is caused due to an error in the File Sharing
service when processing a backup archive file of the file system.
The vulnerability is reported in versions 1.0.8.4985 and prior.
SOLUTION:
Update to version 1.0.8.6067.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://blackberry.com/btsc/KB29191
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-190001-1025 | No CVE | Portech MV-372 VoIP Gateway Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Portech MV-372 has a WEB management verification bypass vulnerability. An attacker submits a malicious POST request without having to verify the username and password of the changed device: POST http://<device address>/change.cgi HTTP/1.1Host: <device address >User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 5.0) Gecko/20100101Firefox/5.0Accept: text/html, application/xhtml+xml, application/xml; q=0.9,*/*;q= 0.8Accept-Language: hu-hu, hu; q=0.8, en-us; q=0.5, en; q=0.3Accept-Encoding: gzip, deflateAccept-Charset: ISO-8859-2, utf-8; q= 0.7,*;q=0.7Connection: keep-aliveReferer: http://192.168.0.100/change.htmContent-Type: application/x-www-form-urlencodedContent-Length: 50Nuser=admin&Npass=admin&Nrpass=admin&submit=Submit to save These username and password changes can be submitted as follows: POST http://<device address>/save.cgiHost: <device address>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 5.0) Gecko/20100101Firefox /5.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: hu-hu,hu;q=0.8,en-us;q=0.5 ,en;q=0.3Accept-E Ncoding: gzip, deflateAccept-Charset: ISO-8859-2, utf-8; q=0.7, *; q=0.7Connection: keep-aliveReferer: http://192.168.0.100/save.htmContent-Type: application/x -www-form-urlencodedContent-Length: 11submit=Save. Portech MV-372 is a VoIP network management device. The Portech MV-372 Telnet service has a remote denial of service vulnerability. Providing a very long password such as 5000 characters can cause the telnet service to crash. You need to restart the device for normal functions. The Portech MV-372 VoIP Gateway is prone to multiple security vulnerabilities.
An attacker may leverage these issues to obtain potentially sensitive information, cause vulnerable devices to crash (resulting in a denial-of-service condition), or bypass certain security restrictions by sending a specially crafted HTTP POST request
VAR-201109-0120 | CVE-2011-3391 | Siemens SIMATIC WinCC Flexible Tag Simulator Remote Memory Corruption Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu. IBM Rational Build Forge is an automated process execution software that helps customers build, test and publish automated software. An information disclosure vulnerability exists in IBM Rational Build Forge that could allow an attacker to exploit sensitive information. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A memory corruption vulnerability exists in Siemens SIMATIC WinCC Flexible. Due to an unspecified error in the tag emulator, an attacker can cause memory corruption by opening a specially crafted file, and the exploit can successfully execute arbitrary code.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions.
The following versions are affected:
The following products are affected:
ProTool 6.0 SP3
WinCC flexible 2004
WinCC flexible 2005
WinCC flexible 2005 SP1
WinCC flexible 2007
WinCC flexible 2008
WinCC flexible 2008 SP1
WinCC flexible 2008 SP2. Successful exploitation of the vulnerability can execute arbitrary code. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Flexible Tag Simulator Memory Corruption
Vulnerability
SECUNIA ADVISORY ID:
SA45770
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45770/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45770
RELEASE DATE:
2011-09-01
DISCUSS ADVISORY:
http://secunia.com/advisories/45770/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45770/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45770
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Siemens SIMATIC WinCC Flexible,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability are reported in versions 2005 SP1, 2007, 2008, 2008
SP1, and 2008 SP2.
SOLUTION:
Apply patches. Please see vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Billy Rios and Terry McCorkle via ICS-CERT.
ORIGINAL ADVISORY:
Siemens:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=50182361
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The security issue is caused due to the web application not checking
the "EditSecurity" permissions when performing certain actions. This
can be exploited to e.g. export a key file from the security
sub-menu