Tag
#auth
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is the same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3, which fixes the issue.
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to version 4.0.16, 4.1.8, or 5.0.3, which fixes the issue.
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Vulnerability: Incorrect Calculation of Buffer Size
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC are affected:
Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety): Versions prior to SV4.30
Modicon M580 CPU Safety (part numbers BMEP58-S and BMEH58-S): Versions prior to SV4.21
BMENOR2200H: All versions
EVLink Pro AC: Versions prior to v1.3.10
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT CALCULATION OF BUFFER SIZE CWE-131
The affected product is vulnerable to an incorrect calculation of buffer size vulnerability which could cause a...

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AutomationDirect
Equipment: C-more EA9 HMI
Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote code execution on the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Automation Direct products are affected:
C-more EA9 HMI EA9-T6CL: v6.79 and prior
C-more EA9 HMI EA9-T7CL-R: v6.79 and prior
C-more EA9 HMI EA9-T7CL: v6.79 and prior
C-more EA9 HMI EA9-T8CL: v6.79 and prior
C-more EA9 HMI EA9-T10CL: v6.79 and prior
C-more EA9 HMI EA9-T10WCL: v6.79 and prior
C-more EA9 HMI EA9-T12CL: v6.79 and prior
C-more EA9 HMI EA9-T15CL-R: v6.79 and prior
C-more EA9 HMI EA9-T15CL: v6.79 and prior
C-more EA9 HMI EA9-RHMI: v6.79 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 Buffer Copy without Checking S...

1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of a web page, and a denial of service when specific web pages are modified and restricted functions invoked.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric products, Modicon M340 and BMXNOE0100/0110, BMXNOR0200H, are affected:
Modicon M340 processors (part numbers BMXP34*): All versions
BMXNOE0100: All versions
BMXNOE0110: All versions
BMXNOR0200H: Versions prior to SV1.70IR26
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
The affected products are vulnerable to an exposure of sensitive information to an unauthorized ...

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: Web Designer for Modicon
Vulnerability: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the compromised computer.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Web Designer for Modicon are affected:
Web Designer for BMXNOR0200H: All versions
Web Designer for BMXNOE0110(H): All versions
Web Designer for BMENOC0311(C): All versions
Web Designer for BMENOC0321(C): All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
The affected product is vulnerable to an improper restriction of XML external entity reference vulnerability that could cause information disclosure, impacts to workstation integrity, and potential remote code execution...

1. EXECUTIVE SUMMARY
CVSS v4 6.1
ATTENTION: Exploitable remotely
Vendor: Schneider Electric
Equipment: Pro-face GP-Pro EX and Remote HMI
Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity issues, and operational failures.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Pro-face GP-Pro EX and Remote HMI are affected:
Pro-face GP-Pro EX: All versions
Pro-face Remote HMI: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER ENFORCEMENT OF MESSAGE INTEGRITY DURING TRANSMISSION IN A COMMUNICATION CHANNEL CWE-924
The affected products are vulnerable to an improper enforcement of message integrity during transmission in a communication channel vulnerability that could cause partial loss of confidentiality, loss of integrity, and availability of the HMI when at...

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Elber
Equipment: Communications Equipment
Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Hidden Functionality
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Elber Communications Equipment are affected:
Signum DVB-S/S2 IRD: Versions 1.999 and prior
Cleber/3 Broadcast Multi-Purpose Platform: Version 1.0
Reble610 M/ODU XPIC IP-ASI-SDH: Version 0.01
ESE DVB-S/S2 Satellite Receiver: Versions 1.5.179 and prior
Wayber Analog/Digital Audio STL: Version 4
3.2 VULNERABILITY OVERVIEW
3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288
Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to ...

1. EXECUTIVE SUMMARY
CVSS v4 6.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Western Telematic Inc
Equipment: NPS Series, DSM Series, CPM Series
Vulnerability: External Control of File Name or Path
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device's filesystem.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Western Telematic Inc products are affected:
Network Power Switch (NPS Series): Firmware Version 6.62 and prior
Console Server (DSM Series): Firmware Version 6.62 and prior
Console Server + PDU Combo Unit (CPM Series): Firmware Version 6.62 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 External Control of File Name or Path CWE-73
Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a Local File Inclusion Attack (LFI), where any authenticated user has privileged access to files on the device's filesystem. CVE-2025-...

An investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen.