#apache

The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .bsx file through projectUpdateBSXFileProcess.php, which is then moved to htmlroot and executed by projectUpdateBSXExecute.php. This script leverages sudo to run the uploaded bsx file, enabling the attacker to bypass input validation checks and execute arbitrary code, leading to full system compromise and unauthorized root access.

Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling attackers to inject arbitrary log entries using encoded newline characters. Similarly, Java classes using LoggerUtil.logger.* methods concatenate user-controlled strings like usernames and cookie keys into logs without validation. This systemic flaw allows for log forging, manipulating log content to obfuscate activity, insert misleading entries, or facilitate follow-up attacks.

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks.

ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate from localhost, granting unauthorized access to privileged operations. This bypass grants access to privileged functionality, including the HTTPDownloadServlet, which is vulnerable to directory traversal. By leveraging this, an attacker can delete arbitrary PHP files outside the intended directory scope.

The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite failed privilege validation in the login flow, direct navigation to /setup.php bypasses authentication and authorization controls entirely. This endpoint serves as the administrative dashboard and allows full configuration access, including the ability to change credentials for the privileged aamuser account. This flaw results in privilege escalation from a limited guest session to full administrative control, compromising the integrity of the system.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 95057C-FTHTWXCT11 Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk Historian ThingWorx are affected: 95057C-FTHTWXCT11: Versions v4.02.00 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has...

In their article on post-quantum cryptography, Emily Fox and Simo Sorce explained how Red Hat is integrating post-quantum cryptography (PQC) into our products. PQC protects confidentiality, integrity and authenticity of communication and data against quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves feasible. Cryptographically relevant quantum computers (CRQCs) are not known to exist yet, but continued advances in research point to a future risk of successful attacks. While the migration to algorithms resistant against such

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.