
CVE-2022-30694

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. 
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
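The origin check that the description says is missing can be written as a small classifier for POSTs to `/FormLogin`, usable in a reverse proxy in front of the device or for reviewing proxy logs. This is an added example, not Siemens code: the function names, the sample requests, and the assumption that the `Host`, `Origin` and `Referer` headers are visible at that point are all illustrative.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
LOGIN_PATH = "/FormLogin"  # endpoint named in the advisory


def _origin_tuple(url):
    """Return (scheme, host, port) for a URL, or None if it is not a usable web origin."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def login_post_verdict(method, path, headers, scheme="https"):
    """Classify a request: 'n/a', 'same-origin', 'cross-origin' or 'no-origin-info'."""
    if method.upper() != "POST" or urlsplit(path).path != LOGIN_PATH:
        return "n/a"
    h = {k.lower(): v.strip() for k, v in headers.items()}
    target = _origin_tuple(f"{scheme}://{h.get('host', '')}")
    # Prefer Origin; fall back to Referer when the client sent no Origin header.
    source = h.get("origin") or h.get("referer")
    if not source:
        return "no-origin-info"  # policy decision: reject or log, never trust silently
    claimed = _origin_tuple(source)  # an opaque "null" origin parses to None
    if claimed is None or target is None or claimed != target:
        return "cross-origin"
    return "same-origin"


# Constructed sample requests (documentation addresses, not captured traffic).
SAMPLES = [
    ("POST", "/FormLogin", {"Host": "192.0.2.10", "Origin": "https://192.0.2.10"}),
    ("POST", "/FormLogin", {"Host": "192.0.2.10", "Origin": "https://portal.example"}),
    ("POST", "/FormLogin", {"Host": "192.0.2.10", "Referer": "https://192.0.2.10:443/start.html"}),
    ("POST", "/FormLogin", {"Host": "192.0.2.10", "Origin": "null"}),
    ("POST", "/FormLogin", {"Host": "192.0.2.10"}),
    ("GET", "/index.html", {"Host": "192.0.2.10"}),
]


def sample_verdicts():
    return [login_post_verdict(m, p, hdrs) for m, p, hdrs in SAMPLES]
```

A login POST classified as `cross-origin` is the pattern a login CSRF produces; `no-origin-info` requests need an explicit policy rather than a default allow.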

