Amazon cloud service acts quickly to close security hole in RDS

Internal AWS credentials swiped by researcher via SQL payload

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.

    # Exploit Title: Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
    # Date: 2020-11-6
    # Exploit Author: Mohammed Alshehri
    # Vendor Homepage: https://www.vembu.com/
    # Software Link: https://sg-build-release.s3.amazonaws.com/BDRSuite/V420/4202020051312/Vembu_BDR_Backup_Server_Setup_4_2_0_1_U1_GA.exe
    # Version: Version 4.2.0.1 U1
    # Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
    
    
    # Service info:
    C:\Users\m507>sc qc "hsflowd"
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: hsflowd
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Program Files\Vembu\VembuBDR\..\VembuBDR360Agent\bin\hsflowd.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Host_sFlow_Agent
            DEPENDENCIES       :
            SERVICE_START_NAME : LocalSystem
    
    C:\Users\m507>sc qc "VembuBDR360Agent"
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: VembuBDR360Agent
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Program Files\Vembu\VembuBDR\..\VembuBDR360Agent\bin\VembuBDR360Agent.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : VembuBDR360Agent
            DEPENDENCIES       :
            SERVICE_START_NAME : LocalSystem
    
    C:\Users\m507>sc qc "VembuOffice365Agent"
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: VembuOffice365Agent
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Program Files\Vembu\VembuBDR\..\VembuOffice365Agent\bin\VembuOffice365Agent.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : VembuOffice365Agent
            DEPENDENCIES       :
            SERVICE_START_NAME : LocalSystem
    
    C:\Users\m507>
    
    
    # Exploit:
    This vulnerability could permit executing code during startup or reboot with the escalated privileges.

CVE-2021-43458: Offensive Security’s Exploit Database Archive

CVE-2022-28378: cms/CHANGELOG.md at develop · craftcms/cms

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.

Affected versions of Atlassian Fisheye and Crucible allow remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability in the DefaultRepositoryAdminService class.

When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.

The affected versions are before version 4.8.9.  
 

**Affected versions:**

*   version < 4.8.9

**Fixed versions:**

*   4.8.9

CVE-2021-43954: [FE-7384] CVE-2021-43954: File and network resource enumeration via SSRF in DefaultRepositoryAdminService

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.

1.  You are here:
2.  » Industrial
3.  » Solutions
4.  » OPC and OPC UA

**OPC and OPC UA Solutions**

![](https://industrial.softing.com/fileadmin/_processed_/5/e/csm_01_Software_635x198_EN_7160f16fc8.jpg)

With a track record of more than 20 years of experience in OPC technology, Softing is your OPC partner. Softing offers a complete set of OPC Classic and OPC UA (Unified Architecture) products.  Softing's complete OPC portfolio provides a range of solutions from embedding connectivity into your OEM products to helping you solve PLC connectivity up to business enterprise systems.  Check out Softing's world leading OPC book.  Trust Softing with your OPC and OPC UA connnectivity needs.

**Products:**

OPC Products

Product Information

OPC Development Toolkits

OPC UA and OPC Classic Engineering Development Toolkits for OEMs

eATM OPC UA Server

OPC UA Server, in-chassis module for Rockwell ControlLogix PLC

 

 

echoCollect e

OPC UA gateway for over 50 PLC types, echoCollect e is a multi-protocol gateway including protocols such as MQTT and connectivity to SQL databases.  echoCollect e only connects to Ethernet PLCs.

echoCollect r/m

OPC UA gateway for over 50 PLC types, including serial addressable PLCs.  echoCollect r/m is a multi-protocol gateway including protocols such as MQTT and connectivity to SQL databases.  echocollect r/m connects to both Ethernet and Serial PLCs.

dataFEED OPC Suite

dataFEED OPC and OPC UA middleware (software acting as a bridge between databases and applications) and server solutions for connectivity

dataFEED edgeGate

OPC UA and MQTT gateway for Siemens PLCs and Modbus PLCs.  Supports connectivity to Microsoft Azure Connected Factory, Microsoft Azure IoT Hub, IBM Watson, Amazon AWS.

uaGate SI

OPC UA gateway for Siemens PLCs.  Checkout this article on uaGate SI.

uaGate MB

OPC UA gateway for Modbus PLCs

edgegate

OPC UA gateway for Siemens and Modbus PLCs

**OPC Training**

As a world leader in OPC applications, Softing offers education for OPC developers as well as OPC users.

**OPC Use Cases and References**

Read about the echocollect UA in a project implementation in a worldwide network of plants to realize seamless data exchange (PDF)

**OPC Software Trials**

Softing offers free trials with the complete functionality. Runtime is limited to 90 minutes. Under "Downloads" Technology "OPC", you will find the trial version for your desired OPC product.

**OPC Book**

From OPC Data Access to OPC Unified Architecture, the latest edition of the OPC Book provides an excellent overview of the fundamentals, implementation, and application of standardized data exchange via OPC. A key focus is on the new OPC generation – OPC UA – that allows for platform-independent data and information exchange. More information

**OPC Certification**

Independent Test Lab OPC Certification is the process of ensuring that applications meet the standards specified by the OPC Foundation. OPC Certification requires extensive testing to ensure true interoperability. OPC Certification means multi-vendor system interoperability is guaranteed. If your OPC products are not certified, you need to ask your vendor what sort of guarantees they offer.

CVE-2021-42262: OPC and OPC UA | Softing

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.

Download PDF

> Abstract: We present Alexa versus Alexa (AvA), a novel attack that leverages audio files containing voice commands and audio reproduction methods in an offensive fashion, to gain control of Amazon Echo devices for a prolonged amount of time. AvA leverages the fact that Alexa running on an Echo device correctly interprets voice commands originated from audio files even when they are played by the device itself -- i.e., it leverages a command self-issue vulnerability. Hence, AvA removes the necessity of having a rogue speaker in proximity of the victim's Echo, a constraint that many attacks share. With AvA, an attacker can self-issue any permissible command to Echo, controlling it on behalf of the legitimate user. We have verified that, via AvA, attackers can control smart appliances within the household, buy unwanted items, tamper linked calendars and eavesdrop on the user. We also discovered two additional Echo vulnerabilities, which we call Full Volume and Break Tag Chain. The Full Volume increases the self-issue command recognition rate, by doubling it on average, hence allowing attackers to perform additional self-issue commands. Break Tag Chain increases the time a skill can run without user interaction, from eight seconds to more than one hour, hence enabling attackers to setup realistic social engineering scenarios. By exploiting these vulnerabilities, the adversary can self-issue commands that are correctly executed 99% of the times and can keep control of the device for a prolonged amount of time. We reported these vulnerabilities to Amazon via their vulnerability research program, who rated them with a Medium severity score. Finally, to assess limitations of AvA on a larger scale, we provide the results of a survey performed on a study group of 18 users, and we show that most of the limitations against AvA are hardly used in practice.

**Submission history**

From: Sergio Esposito \[view email\]  
**\[v1\]** Thu, 17 Feb 2022 12:05:09 UTC (596 KB)

CVE-2022-25809: Alexa versus Alexa: Controlling Smart Speakers by Self-Issuing Voice Commands

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

CVE-2022-0564: Qlik Sense Enterprise on Windows Release notes - November 2021 Initial Release to Patch 16

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

*   Security Overview
*   Features
*   Practices
*   Compliance
*   Legal

**Your Computers, Network, and Data are Safe**

Splashtop has been committed to offering secure remote access solutions since 2006. Today, we power over 200K businesses and 30 million end users around the world, including large banks, law enforcement, government agencies, local governments, and government contractors.

With Splashtop remote access software, you can rest assured knowing your data is safe.

![Your Computers, Network, and Data are Safe](https://www.splashtop.com/wp-content/uploads/security-image.jpg)

![Standards and Compliance](https://www.splashtop.com/wp-content/uploads/standard-and-compliance-icon.svg)

Standards and Compliance

Splashtop remote access and remote support solutions comply with or support compliance with the industry and government standards and regulations that you adhere to. Splashtop is GDPR and SOC 2 compliant. Splashtop also supports HIPAA, FERPA, PCI, and many other industry compliances. Learn more about Splashtop compliance.

![Advanced Security Features](https://www.splashtop.com/wp-content/uploads/security-compliance-new.svg)

Advanced Security Features

Splashtop solutions are built to give IT full control over securing the data while giving users the flexibility to access it from anywhere. Features include two-factor authentication, multi-level password security, blank screen, screen auto-lock, session idle timeout, remote connection notification, logging, and much more! Learn more about Splashtop’s security features.

![Security Infrastructure](https://www.splashtop.com/wp-content/uploads/cloud.svg)

Security Infrastructure

Our Cloud infrastructure is hosted on Amazon Web Services (AWS) which provides a secure network and computing environment, including but not limited to firewalls at network, application and instance layer, data encryption, DDoS mitigation etc. Learn more about Splashtop’s security practices. Read the Splashtop Cloud Security White Paper.

![Intrusion Prevention](https://www.splashtop.com/wp-content/uploads/intrusion-protection-icon.svg)

Intrusion Prevention

We have intrusion detection and defense mechanisms for our production environment running 24×7. We have adopted industry best practices when building our Cloud application stacks to ensure security is enforced and instances are fortified. Learn more about Splashtop’s security practices.

![App Security](https://www.splashtop.com/wp-content/uploads/app-security-icon.svg)

App Security

On endpoint devices, we have multiple levels of security protection, including mandatory device authentication and optional two-factor-authentication and security code. All remote sessions are protected with TLS (including TLS 1.2) and 256-bit AES encryption. Learn more about Splashtop’s security practices.

![Endpoint Security](https://www.splashtop.com/wp-content/uploads/endpoint-security-icon.svg)

Endpoint Security

You can ensure that your managed endpoints are protected. View endpoint security protection status for Windows computers running Bitdefender, Windows Defender, Kaspersky, and more. Purchase, deploy and manage Bitdefender endpoint security technology through Splashtop Remote Support.

![Single Sign-On Integration (SSO)](https://www.splashtop.com/wp-content/uploads/single-sign-on-new.svg)

Single Sign-On Integration (SSO)

Take advantage of the Splashtop SSO integration to have your users authenticate their Splashtop account using a centralized SSO user ID and password. Support available for Okta, Azure AD, ADFS, JumpCloud, OneLogin, Workspace ONE, G-Suite, and TrustLogin. SSO is available in Splashtop Enterprise. Learn more about Splashtop SSO.

**Why Security is Our Priority**

Cybersecurity has become the biggest challenge faced by today’s IT professionals and MSPs. We take this seriously, which is why we’ve made security our top focus since day one. We work hard to ensure that our customers can trust our ability to protect their data and privacy.

That is why we invest millions every year to continually improve our infrastructure and security measures. We constantly scan our products to ensure their integrity, and we work with top-notch security firms to conduct audits regularly. We also formed our own Security Advisory Council to help guide Splashtop in achieving our rigorous security and compliance goals.

Security is something that is never ‘done’; it’s a constant effort to keep up with ever-evolving threats. We owe it to our current and future customers to do everything in our power to make Splashtop’s remote access and remote support offerings as secure as they can be.

**Security Feed**

Did you know that Splashtop hosts a security feed for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP? Check it out now and subscribe to receive email alerts so you can protect your business and your clients with security news as it comes. See the MSP & IT Security Feed.

Tuesday February 1, 2022

Wednesday January 26, 2022

Wednesday January 26, 2022

**Security Blogs**

Monday February 7, 2022

Monday January 31, 2022

Tuesday January 18, 2022

**Get Started with Splashtop**

Check out Splashtop’s remote access and remote support solutions for individuals, small teams, enterprises, IT, help desk, MSPs, and education! See all Splashtop Products and start a free trial now.

CVE-2021-42712: Remote Access Security | Splashtop

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.

CVE-2019-16864: CompleteFTP: CompleteFTP revision history

Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® 82599 Ethernet Series Advisory**

**Summary: **

Potential security vulnerabilities in the Intel® 82599 Ethernet Series Controllers and Adapters may allow denial of service.  Intel is releasing software updates and prescriptive guidance to address these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-33096

Description: Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2021-33061

Description: Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 MEDIUM

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

All Intel® 82599 Ethernet Series Controllers and associated Adapters.

**Recommendations:**

Intel recommends following the steps below to address these issues.

For CVE-2021-33096:

1.  Download the prescriptive guidance found in this Application Note.
2.  Consult the Direct-Assignment Networking Fault Isolation in a Data Center Environment Prescriptive Guidance Addressing INTEL-SA-00571 Application Note. 

For CVE-2021-33061:

Update Intel® 82599 Ethernet Series Controllers and associated Adapters Kernel-mode Driver versions to 5.13.4 or higher.

Updates are available for download at this location:

https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.13.4/

**Acknowledgements:**

Intel would like to thank Asaf Modelevsky (Amazon Web Services) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#amazon