Tag
#auth
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service and a loss of confidentiality and integrity in the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that following Modicon PLCs are affected: Modicon Controllers M241: All versions Modicon Controllers M251: All versions Modicon Controllers M258: All versions Modicon Controllers LMC058: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An improper input validation vulnerability exists that could lead to a denial-of-service and a loss of confidentiality and integrity in the controller when an unauthenticated crafted Modbus packet is sent to the device. CVE-2024-11737 has been assigned to this vulnerability. A CVSS v3 base...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Remote Vulnerabilities: Unprotected Alternate Channel, Heap-based Buffer Overflow, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of PowerMonitor 1000 Remote are affected: PM1k 1408-BC3A-485: Versions prior to 4.020 PM1k 1408-BC3A-ENT: Versions prior to 4.020 PM1k 1408-TS3A-485: Versions prior to 4.020 PM1k 1408-TS3A-ENT: Versions prior to 4.020 PM1k 1408-EM3A-485: Versions prior to 4.020 PM1k 1408-EM3A-ENT: Versions prior to 4.020 PM1k 1408-TR1A-485: Versions prior to 4.020 PM1k 1408-TR2A-485: Versions prior to 4.020 PM1k 1408-EM1A-485: Vers...
Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.
Arctic Wolf plans to integrate Cylance's endpoint detection and response (EDR) technology into its extended detection and response (XDR) platform.
SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent…
Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?
While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.
The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.
SUMMARY The Cl0p ransomware group has recently claimed responsibility for exploiting a critical vulnerability in Cleo’s managed file…
The `OVERWRITE` clause of the `DEFINE TABLE` statement would fail to overwrite data for tables that were defined with `TYPE RELATION`. Since table definitions include the `PERMISSIONS` clause, this failure would result in permissions not being overwritten as a result, which may potentially lead users to believe they have changed the table permissions when they have not. ### Impact If a user attempted to update table permissions of a table defined with `TYPE RELATION` using `DEFINE TABLE ... OVERWRITE`, permissions for the table would not be changed. This may allow a client that is authorized to run queries in a SurrealDB server to access certain data in that specific table that they were not intended to be able to access after the specified change in permissions. ### Patches The `DEFINE TABLE` statement has been updated to appropriately overwrite data for tables defined with `TYPE RELATION`. - Version 2.1.3 and later are not affected by this issue. ### Workarounds Users of table...