CVE-2023-1552

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user’s context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.

Customers are advised to update to ToolboxST 7.10, which can be found in ControlST 7.10. If unable to update at this time, customers should ensure they are following the guidance laid out in GE Gas Power’s Secure Deployment Guide (GEH-6839). Customers should also ensure they are not running ToolboxST as an Administrative user.

