Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.

L’**Offensive Security Team** di **Swascan** ha identificato **5 vulnerabilità** sul prodotto **Sme.UP ERP**.

**Sme.UP ERP**

**Sme.UP** è una realtà che nasce dalla messa a fattor comune delle competenze delle aziende che ne fanno parte per garantire assistenza e supporto alle imprese che intendono costruire sistemi informativi integrati, flessibili, evolutivi e adatti alla crescita.

**Descrizione del prodotto**

**Sme.UP ERP** è il software gestionale sviluppato interamente da Sme.UP per rispondere alle esigenze dei clienti. La logica applicativa con cui smeup erp è costruito consente di realizzare **installazioni complete o dipartimentali**, flessibili, personalizzate e veloci in assenza di programmazione e dunque anche implementazioni graduali e successive in organizzazioni complesse vengono facilitate.

**Technical summary**

L’Offensive Security Team di Swascan ha rilevato alcune vulnerabilità su: **Sme.UP ERP** versione **TOKYO V6R1M220406**

**Vulnerability**

**CVSSv3.1**

**Attack Vector**

**OS Command Injection** **(autenticato)** \[2 occorrenze\]

**9.9 Critical**

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**Esposizione di informazioni sensibili**

**8.6 High**

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Arbitrary File Download via Path Traversal (non autenticato)**

**8.2 High**

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

**Arbitrary File Download via Path Traversal** **(autenticato)**

**7.1 High**

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

**Arbitrary File Upload** **(autenticato)**

**6.3 Medium**

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Nella sezione seguente vengono mostrati i dettagli tecnici delle vulnerabilità rilevate.

**OS Command Injection (autenticato) CVE-2023-26759****Descrizione**

Il componente Loocup è vulnerabile ad attacchi di tipo OS Command Injection da parte di utenti autenticati.

Un potenziale attaccante sarà in grado di eseguire comandi sul sistema operativo target con il livello di privilegio con cui è in esecuzione il programma effettuando delle chiamate ai servizi esposti **/debug** e **/XMLService**.

Per ottenere questo tipo di risultato, l’attaccante dovrà ottenere prima un codice di connessione valido o essere in possesso della password di accesso al sistema AS/400.

**Proof of Concept**

Si mostrano di seguito le evidenze della vulnerabilità e di come sia stato possibile eseguire un comando locale alla macchina, come ad esempio una reverse shell precedentemente caricata sfruttando un’altra vulnerabilità presente nella stessa applicazione:

Evidenza 1  OS Command Injection tramite servizio /XMLService

Allo stesso modo è possibile eseguire funzioni del backend e quindi comandi di sistema con la servlet /debug nella parte di esecuzione funzione.

Un potenziale attaccante potrebbe sfruttare questa vulnerabilità per ottenere una shell sulla macchina target o uploadare ed eseguire dei malware.

**Riferimenti**

https://owasp.org/www-community/attacks/Command\_Injection  
https://cwe.mitre.org/data/definitions/78.html  
https://owasp.org/Top10/A03\_2021-Injection/  
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/OS\_Command\_Injection\_Defense\_Cheat\_Sheet.md

**Esposizione di Informazioni sensibili****Descrizione**

Sfruttando questa vulnerabilità un potenziale attaccante potrebbe avere accesso, in maniera non autenticata, ad informazioni quali credenziali di accesso al sistema AS/400 e credenziali presenti eventualmente nelle variabili di sistema.

**Proof of Concept**

Si riporta di seguito come sia stato possibile accedere ad informazioni sensibili tramite il link esposto:

Evidenza 2 Accesso a https://X.X.X.X/debug

Tale pagina dà accesso a informazioni e funzioni riservate, tra cui le credenziali in chiaro del sistema AS/400.

Tali informazioni hanno permesso l’accesso al sistema AS/400 e l’ottenimento di una sessione autenticata che è stata utilizzata per abusare di altre funzionalità del servizio esposto quali ad esempio la lettura di file locali del server o la scrittura di file potenzialmente dannosi sul server.

**Riferimenti **

https://cwe.mitre.org/data/definitions/200.html  
https://owasp.org/Top10/A01\_2021-Broken\_Access\_Control/  

**Arbitrary File Download via Path Traversal (non autenticato) CVE-2023-26758****Descrizione**

La vulnerabilità Path Traversal consente l’accesso a file presenti nel sistema operativo che risiedono al di fuori della web root dell’applicazione. Manipolando le variabili che richiedono i file, attraverso l’uso dei caratteri “../” o  “..\\” è possibile accedere arbitrariamente ai file e/o cartelle contenuti nel sistema operativo come il codice sorgente dell’applicazione o file sensibili che risiedono nella macchina.

**Assets**

*   https://X.X.X.X/ResourceService

**Proof of Concept**

Le richieste HTTP POST verso l’URL **https://X.X.X.X/ResourceService** consentono tramite il parametro **customer**, permettendo di accedere a qualsiasi file del sistema operativo a cui si ha permesso di lettura.

Di seguito vengono mostrate le evidenze di come è possibile leggere il contenuto di file sensibili impostando dei percorsi relativi:

Evidenza 3 – Richiesta del file win.ini di windows

Evidenza 4 – File win.ini

**Riferimenti**

https://cwe.mitre.org/data/definitions/23.html

https://owasp.org/Top10/A01\_2021-Broken\_Access\_Control/

https://owasp.org/www-community/attacks/Path\_Traversal

**Arbitrary File Download via Path Traversal (autenticato) CVE-2023-26760****Descrizione**

La vulnerabilità Path Traversal consente l’accesso a file presenti nel sistema operativo che risiedono al di fuori della web root dell’applicazione. Manipolando le variabili che richiedono i file, attraverso l’uso dei caratteri “../” o  “..\\” è possibile accedere arbitrariamente ai file e/o cartelle contenuti nel sistema operativo come il codice sorgente dell’applicazione o file sensibili che risiedono nella macchina.

**Assets**

*   https://X.X.X.X/debug   

**Proof of Concept**

Le richieste HTTP POST verso l’URL **https://****X.X.X.X/debug** consente tramite il parametro **filepath** di accedere a qualsiasi file del sistema operativo a cui si ha permesso di lettura.

Di seguito vengono mostrate le evidenze di come è possibile leggere il contenuto di file sensibili impostando dei percorsi relativi:

Evidenza 5 – Richiesta del file hosts di windows

Evidenza 6 – File hosts locale

**Riferimenti**

https://cwe.mitre.org/data/definitions/23.html  
https://owasp.org/Top10/A01\_2021-Broken\_Access\_Control/  
https://owasp.org/www-community/attacks/Path\_Traversal

**Arbitrary File Upload (autenticato) CVE-2023-26762****Descrizione**

L’applicazione risulta vulnerabile ad Arbitrary File Upload.

Ciò può consentire ad un attaccante che abbia a disposizione utente e password del servizio, di effettuare l’upload di file malevoli per l’esecuzione di codice arbitrario o di una shell attraverso la quale potrebbe eseguire comandi arbitrari sul server remoto. A seguito di ciò, l’attaccante potrebbe altresì effettuare ricerca di credenziali, movimenti laterali all’interno dell’infrastruttura, oppure semplicemente creare disservizi (DoS) caricando file di grandi dimensioni.

Per sfruttare questa vulnerabilità, l’attaccante dovrà superare eventuali controlli come Anti-Virus o End-Point Protection, ed occorrerà l’intervento di un utente per l’esecuzione del file o eventualmente concatenando altre vulnerabilità per innescarne l’esecuzione.

**Assets**

*   https://X.X.X.X/UploadService

**Proof of Concept**

La servlet esposta **/UploadService** permette l’upload di files con qualsiasi estensione.

Evidenza 7 Upload di file con qualsiasi estensione

Evidenza 8 Upload effettuato

E’ stato possibile accedere al file caricato e sfruttare tale vulnerabilità per eseguire comandi tramite webshell concatenando altre vulnerabilità rilevate in questo Advisory.

**Remediation**

Si consiglia di effettuare l’aggiornamento all’ultima versione contattando il vendor.

**Riferimenti**

https://www.oracle.com/java/technologies/javase/seccodeguide.html

https://cwe.mitre.org/data/definitions/434.html

https://cheatsheetseries.owasp.org/cheatsheets/DotNet\_Security\_Cheat\_Sheet.html

https://owasp.org/Top10/it/A04\_2021-Insecure\_Design/

**Disclosure Timeline**

*   27-05-2022: Vulnerabilità identificata
*   27-05-2022: Vendor contattato via email (1° tentativo)
*   07-05-2022: Vendor contattato via email (2° tentativo)
*   01-07-2022: Vendor contattato telefonicamente, invio del Security Advisory
*   21-10-2022: Il Vendor dichiara di aver fixato la vulnerabilità
*   07-02-2023: Swascan pubblica la vulnerabilità

CVE-2023-26762: Security Advisory: Sme.UP ERP (CVE-2023-26758/ CVE-2023-26759/ CVE-2023-26760/ CVE-2023-26762)

File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code.

Il team Offensive Security di Swascan ha identificato una vulnerabilità nel framework **Instant Developer** **RD3 < 22.5 r23**. 

La vulnerabilità interessa tutti gli applicativi sviluppati con il framework RD3 nelle versioni inferiori a quella indicata. 

****_Instant Developer_** **

_Instant Developer_ è una famiglia di piattaforme ad alta produttività per lo sviluppo di applicazioni multicanale e multipiattaforma progettata per risolvere i problemi che affliggono maggiormente i professionisti dello sviluppo software_._ 

****Technical summary** **

L’Offensive Security Team di Swascan ha trovato un importante vulnerabilità su:  

**Assets** 

**Vulnerability** 

**CVSS** 

**Severity** 

**Instant Developer RD3 Framework < 22.5 r23**

Arbitrary File Upload 

**9.8** 

**Critical** 

Nella seguente sezione vengono riportati i dettagli tecnici su questa vulnerabilità, comprese le evidenze e un proof-of-concept. Questa vulnerabilità può interessare tutti i clienti che utilizzano il software per sviluppare le proprie Webapp. 

**Dettaglio Vulnerabilità** 

**Framework RD3 – Arbitrary file upload** 

CWE-434: _Unrestricted File Upload_  

CVSSv3.1 Base Score: **9.8**  

CVSSv3.1 Base Vector:        AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 

OWASP Top10 2021:          A04 – Insecure Design 

**_Descrizione_** 

La vulnerabilità è stata individuata nella libreria “full.js” del framework RD3 di InstantDeveloper. 

Ciò può consentire ad un attaccante di effettuare l’upload di file malevoli per l’esecuzione di codice arbitrario o di una shell attraverso la quale potrebbe eseguire comandi arbitrari sul server remoto. A seguito di ciò, l’attaccante potrebbe altresì effettuare ricerca di credenziali, movimenti laterali all’interno dell’infrastruttura, oppure semplicemente creare disservizi (DoS) caricando file di grandi dimensioni. 

La vulnerabilità interessa tutti gli applicativi sviluppati con il framework RD3 nelle versioni inferiori alla 22.5 r23. 

**_Assets_** 

*   https://<TARGET>/<cartella applicazione>/<file applicazione>.aspx/?WCI=IWFiles&WCE=&SESSIONID=\[cookie Sessione\] 

**_Proof of Concept_** 

La vulnerabilità è stata individuata analizzando il file full.js dove è presente una porzione di codice relativa che riguarda l’upload di file. Ciò ha permesso di trovare l’entrypoint per creare il comando di upload. 

Di seguito viene riportata la porzione di codice sopra citata: 

**Evidenza** **1** **Codice sorgente full.js** 

Si mostra di seguito come sia stato possibile, sfruttando quanto descritto in precedenza, caricare sul server una reverse shell.  

Per ottenere tale risultato è stato edeguito il seguente comando 

curl -kis -F “\[email protected\]<FILE MALEVOLO>.aspx” -H “Cookie: ASP.NET\_SessionId=<CODICE SESSIONE>” -A Chrome https://<TARGET>/<cartella applicazione>/<file applicazione>.aspx /?WCI=IWFiles&WCE=&SESSIONID=<CODICE SESSIONE> 

Tale processo è descritto dalle seguenti evidenze: 

**Evidenza 2 Upload reverse shell** 

Di seguito viene mostrata la shell interattiva sul server: 

**Evidenza 3 Reverse shell interattiva sul server target** 

**_Remediation_** 

Ricompilare l’applicazione con l’ultima versione del framework 22.5 r23. 

**_Riferimenti_** 

*   https://cwe.mitre.org/data/definitions/434.html 
*   https://owasp.org/Top10/it/A04\_2021-Insecure\_Design/ 
*   https://docs.microsoft.com/it-it/dotnet/standard/security/secure-coding-guidelines 
*   https://cheatsheetseries.owasp.org/cheatsheets/DotNet\_Security\_Cheat\_Sheet.html 
*   https://doc.instantdeveloper.com/ 

****Considerazioni del Vendor** **

Durante il processo di Responsible Disclosure il vendo ha fornito le seguenti considerazioni per meglio specificare alcuni aspetti della vulnerabilità e della conseguente remediation: 

1) Per sfruttare la vulnerabilità era necessario conoscere il SessionID di una sessione utente che avesse effettuato il login (utente autenticato). Solo avendo accesso al browser dove era in esecuzione una sessione autenticata era possibile ottenere un SessionID valido. 

2) Se il programmatore non ha rimosso l’autenticazione dalla propria applicazione il sistema non permette l’upload di file in sessioni non autenticate (dalla versione 20.5). E’ compito del programmatore verificare le credenziali utente e autorizzare l’accesso all’applicazione solo quando è stato correttamente identificato (tramite username/password). 

3) A partire dalla versione 22.0 nella cartella TEMP dell’applicazione è stato inserito un apposito file che non permette l’esecuzione di file arbitrari. Il programmatore, che usa l’ambiente di sviluppo, non deve rimuovere tale file e deve correttamente installarlo nell’applicazione quando questa viene installata in produzione. 

4) Quando viene eseguito l’upload di un file da una sessione autenticata è compito del programmatore decidere se tale file è corretto o meno. Lo può fare implementando l’evento OnFileUpload nel quale può decidere se accettare o meno l’upload. Qualora l’upload sia rifiutato dal programmatore il file viene immediatamente rimosso dal disco. 

5) Pro Gamma fornisce un ambiente di sviluppo general purpose ed è compito del programmatore sviluppare l’applicazione e configurare il web server quando la stessa è resa disponibile su internet. 

3.  **Disclosure Timeline** 

*   25-07-2022: Vulnerabilità scoperta 

*   24-08-2022: Swascan contatta il vendor (1° tentativo, senza risposta) 
*   29-08-2022: Swascan richiede il CVE-ID  al mitre 
*   07-09-2022: Swascan contatta il vendor (2° tentativo, con risposta) 
*   15-09-2022: Swascan condivide il report con il vendor  
*   23-01-2023: Il vendor rilascia la versione 22.5 r23 
*   15-02-2023: Il mitre rilascia il CVE-ID CVE-2022-39983

CVE-2022-39983: ​​Vulnerability Report - Instant Developer RD3 (CVE-2022-39983)

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE(s)**

**Description**

**More Information**

CVE-2023-24575

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

See NVD (http://nvd.nist.gov/) for additional details

**Proprietary Code CVE(s)**

**Description**

**More Information**

CVE-2023-24575

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

See NVD (http://nvd.nist.gov/) for additional details

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

Dell Multifunction Printer E525w Driver and Software Suite

Versions prior to 1.047.2022, A05

Dell Multifunction Printer E525w Driver and Software Suite 1.047.2022, A05

Dell Multifunction Printer E525w Driver and Software

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

Dell Multifunction Printer E525w Driver and Software Suite

Versions prior to 1.047.2022, A05

Dell Multifunction Printer E525w Driver and Software Suite 1.047.2022, A05

Dell Multifunction Printer E525w Driver and Software

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Kiitokset**

**CVE-2023-24575**: Dell Technologies would like to thank Joel Cobbs for reporting this issue.   
 

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

15 helmik. 2023

CVE-2023-24575: DSA-2023-043: Dell Multifunction Printer E525w Security Update for a Privilege Escalation Vulnerability

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Artikkelin numero: 000208462

**DSA-2023-020: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities****Yhteenveto: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.**

**Artikkelin sisältö**

**Vaikutus**

High

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

Secure Connect Gateway, Product Security Information, Secure Connect Gateway - Virtual Edition

**Edellinen julkaisupäivä**

16 helmik. 2023

**Versio**

2

**Artikkelin tyyppi**

Dell Security Advisory

CVE-2023-23695: DSA-2023-020: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

**REDWOOD CITY, Calif.****,** **Feb. 16, 2023** **/PRNewswire/ --** According to a recently published report from Dell'Oro Group, the trusted source for market information about the telecommunications, security, networks, and data center industries, the modernization of networking and security for enterprise branches and hybrid workers is expected to drive the total SASE revenue to surpass $60 B between 2022 and 2027.  The report further divides the total SASE market along its two components, Security Service Edge (SSE) and SD-WAN, and details how the strong demand for security is expected to fuel SSE revenue to double between 2022 and 2027.

"The last three years of the pandemic, and the subsequent need to modernize enterprise branches and address hybrid work needs, have fueled great interest in SASE as evidenced by the total SASE market to double in size to over $6 B in 2022," said Mauricio Sanchez, Research Director, Network Security, and SASE & SD-WAN at Dell'Oro Group. "While angst about the macroeconomic environment is starting to lead to some belt-tightening, we expect growth in SASE to continue unabated and double again by 2027," added Sanchez.

Additional highlights from SASE and SD-WAN 5-Year Forecast Report:

*   SD-WAN and SSE revenues are expected to see a double-digit compounded annual growth rate (CAGR) over the 2022 to 2027 timeframe.
*   Unified SASE revenue is anticipated to grow 5X by 2027.

**About the Report**

Dell'Oro Group SASE and SD-WAN 5-year forecast report offers a complete industry overview with tables covering SASE by technology (SSE versus SD-WAN) and by the implementation (unified versus disaggregated) as far back as 2019. SSE has further segmented across SWG, CASB, ZTNA, and FWaaS technologies. In addition, the report provides historical data as far back as 1995, covering revenue, port/unit shipment, and average selling prices for access routers. To purchase this report, please contact us at \[email protected\].

**About Dell'Oro Group**

Dell'Oro Group is a market research firm that specializes in strategic competitive analysis in the telecommunications, enterprise networks, data center infrastructure, and network security markets. Our firm provides in-depth quantitative data and qualitative analysis to facilitate critical, fact-based business decisions.  For more information, contact Dell'Oro Group at +1.650.622.9400 or visit www.delloro.com.

SOURCE Dell'Oro Group

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

SASE Market to Exceed Over $60B Between 2022 and 2027, According to Dell'Oro Group

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

Patch Tuesday / Software Updates

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.

Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows -

*   **CVE-2023-21715** (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability
*   **CVE-2023-21823** (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
*   **CVE-2023-23376** (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

"The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

"An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

Successful exploitation of the above flaws could enable an adversary to bypass Office macro policies used to block untrusted or malicious files or gain SYSTEM privileges.

CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which were addressed by Microsoft in April and September 2022.

"The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system," Immersive Labs' Nikolas Cemerikic said.

"It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system."

It's worth noting that Microsoft OneNote for Android is vulnerable to CVE-2023-21823, and with the note-taking service increasingly emerging as a conduit for delivering malware, it's crucial that users apply the fixes.

Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service (DoS) issues impacting Windows iSCSI Service and Windows Secure Channel.

Three of the Exchange Server flaws are classified by the company as "Exploitation More Likely," although successful exploitation requires the attacker to be already authenticated.

Exchange servers have proven to be high-value targets in recent years as they can enable unauthorized access to sensitive information, or facilitate Business Email Compromise (BEC) attacks.

**Software Patches from Other Vendors**

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apple
*   Atlassian
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Intel
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Palo Alto Networks
*   Qualcomm
*   Samba
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   VMware
*   Zoho, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

**Vaikutus**

Critical

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Versiohistoria**

**Revision**

**Date**

**More Informatio**n

 

 

1.0

2022-04-29

Initial Release

 

 

2.0

2023-02-14

Added CVE-2022-22564 to Details Section.

 

 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC UnityVSA (Virtual Storage Appliance)

14 helmik. 2023

CVE-2022-22564: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

**ARLINGTON, Va.****,** **Feb. 14, 2023** **/PRNewswire/ --** ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.

"With a tumultuous year marked by geopolitical and economic uncertainty that increased pressure on CISOs and their teams to improve security effectiveness and efficiency, ThreatConnect had a tremendous year in both new customer acquisition and product innovation," said Balaji Yelamanchili, CEO of ThreatConnect. "As we enter 2023, we're positioned to continue delivering market leading product innovation that enables our customers and partners to manage efficient TI Ops with quantifiable risk mitigation strategies."

**Customer & Revenue Growth** 

*   Substantial double-digit growth in new logo and expansion business, including some of the world's largest technology, financial services, healthcare, governmental, and cyber security organizations choosing ThreatConnect for their TI Ops and risk quantification initiatives.
*   Expanded risk quantification and TI Ops deployments with three of the top five software companies in the world, 12 global financial services organizations, and 33 other large enterprise customers.
*   Now serving nearly 200 global customers, including five of the top 10 software companies in the world, three of the top five airlines, three of the top five pharmaceutical companies, two of the top five insurance providers, and more than 10 defense and federal agencies.

**Threat Intelligence Operations Innovation**

The company's product and engineering teams delivered a variety of new features that enable cyber threat intelligence (CTI) teams to more efficiently investigate and create intelligence, and work with security operations (SecOps) teams to consume and operationalize threat intelligence.  These new features are designed to deliver better security outcomes in terms of mean time to detect (MTTD) and mean time to resolve (MTTR) potential threats and incidents, and drive efficiencies across teams and tools.

**Specific Innovations:** 

ThreatConnect made many useful product enhancements, including:

*   ThreatConnect's Collective Analytics Layer (CAL™), powered by Big Data and Machine Learning, increased its volume of data by 25% versus prior year to over 176 billion points of data used for scoring potential indicators of compromise (IOCs), providing insights for investigations, and categorizing relationships between indicators, threat actors, malware, and campaigns. By merging anonymized insights from ThreatConnect users with this massive data set creates the ability to have better confidence scoring and enrichment on potential IOCs that very few other players in the market can claim.
*   Natural Language Processing (NLP) capabilities to recognize MITRE ATT&CK® techniques by extracting insights from open source blogs, research, and other sources. This enables customers to get faster insights on relevant threats they are investigating.
*   Highly intuitive graph investigation capability that incorporates the customer's threat intelligence and internal case & investigation data, with insights from CAL's Automated Threat Library, including threat actors, campaigns, and ATT&CK techniques, and a growing number of third-party intelligence and enrichment sources.
*   A new reporting engine that makes it easy to create and disseminate threat intelligence reports with graphs, tables, images, and narrative descriptions.
*   New Enrich Anywhere capability automates the addition of context to indicators of compromise, allowing users to easily identify false positives and pinpoint actionable intelligence.  
*   Streamline the work of the SOC by infusing relevant threat intelligence directly into every step of their case workflow, and allowing for relevant artifacts and findings to be promoted for validation as threat intelligence by the CTI team.
*   Measure the work being done by the team with case and analyst efficiency metrics.
*   Stronger multi-tenant management of clients for MSSP and multi-tiered organizations with the introduction of Super Admin Users who can answer RFI's or work alongside analysts in other organizations without leaving their ThreatConnect instance.

**Risk Quantification Break Out Year**

*   Significant double digit annual sales growth, including new customers in healthcare, finance and manufacturing.
*   Launched technology alliance and go-to-market partnership with SecurityScorecard, resulting in 14 net new customers.
*   New go-to-market partnership with 3 of the top global software vendors.

**Industry recognition**

Winner of multiple industry accolades, including the Global Infosec Awards, Cybersecurity Excellence Award, and the top 100 most Innovative Cybersecurity companies by Expert Insights.

**Experienced Leadership and Board Advisors**

In 2022, the company added seasoned cybersecurity operators to its executive ranks with cybersecurity veterans. Balaji Yelamanchili, previously EVP and General Manager of Symantec's Enterprise Security business, joined the company as Chief Executive Officer.  Burney Barker, a veteran of Forescout, Gigamon, and Dell EMC, joined the company as Chief Revenue Officer.  In the Chief Marketing Officer role, Charles Gold joined the company, bringing more than 25 years of executive experience at category leaders including Sonatype, Virtru, and FireMon.

The company also added an elite group of enterprise cybersecurity leaders as Board Advisors.  This esteemed group includes Colin Anderson, current CISO at Ceridian and former CISO at Safeway and Levi Straus, Myrna Soto former CISO at MGM and Comcast and current Board member at Spirit Airlines and Trinet, and Patrick Joyce, CISO at Medtronic.  They will advise the company's Board and executive team on strategic product and go-to-market matters.

"Enterprises are transforming  their approach to security operations to support their move to the cloud and the digital economy while at the same time addressing a growing threat landscape and emerging threats like ransomware,"  said Yelamanchili.   "Our TI Ops and risk quantification solutions are critical to these initiatives and, given our momentum in 2022 and near term product roadmap, I couldn't be more excited about this coming year."

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

*   Aktuelles
*   Academy
*   Karriere
*   Downloads

*   Über uns
    
    *   Philosophie
    *   Presse
        *   Pressekontakt
    *   Kundenmagazin
    *   E-Mail-Service von B&R
        *   Aktuell
    *   Standorte
    *   Kontakt
    *   Impressum
    *   AGB
        *   International
        *   Italy
        *   Belgium
        *   Sweden
        *   Switzerland
        *   GTC India
    *   Produkt-Lifecycle
    *   Datenschutzmitteilungen
        *   Mitarbeiter
        *   Auftragnehmer
        *   Lieferanten
        *   Kunden
        *   Besucher
        *   Event management
        *   Bewerber
        *   Externe Öffentlichkeitsarbeit
        *   Website, Cookies und Links
    
*   Branchen
    
    *   Additive Fertigung
        *   Technologievorteile
        *   Lifecycle-Management
        *   Automatisierte Nachbearbeitung
        *   Automatisierungspartner
        *   Referenzen
    *   Automobil
        *   Maschinen und Linien
        *   B&R hat die richtige Lösung für...
    *   Batterie
    *   Druck
    *   Energie
        *   BHKW und KWK
        *   Konventionelle Kraftwerke
        *   Solarenergie
        *   Wellen- und Gezeitenkraftwerke
        *   Windenergie
        *   Öl und Gas
    *   Halbleiter / Elektronik
    *   Kunststoff
        *   Automatisierungslösungen für die Kunststoffindustrie
        *   Referenzen
        *   Applikationsberichte
    *   Maritim & Offshore
    *   Medical Device Assembly
    *   Metallverarbeitung
        *   Referenzen
    *   Mobile Automation
    *   Nahrungsmittel & Getränke
        *   Technologielösungen
        *   Prozessoptimierung
        *   Sicherheit & Qualität
        *   Service & Support
    *   Textil
        *   Maschinen und Prozesse
        *   B&R hat die richtige Lösung für...
        *   Referenzen
    *   Umwelt- und Recyclingtechnik
    *   Verpackung
        *   Referenzen
    
*   Technologie
    
    *   Adaptive Manufacturing
        *   Schlüsseltechnologien der adaptiven Fertigung
        *   Adaptive Fertigungslösungen
    *   exOS
        *   Kundenvorteile
        *   Anwendungsbeispiele - exOS in der Praxis
        *   Lösungsportfolio für jeden Anwendungsfall
        *   Integrierte Funktionen
    *   Industrial IoT
        *   IIoT-Lösungen
    *   mapp Technology
    *   OPC UA
        *   OPC UA over TSN
        *   FAQs zu OPC UA over TSN
        *   Geschichte
        *   B&R-Lösungen mit OPC UA
        *   B&R-Lösungen mit OPC UA over TSN
    *   openSAFETY
    *   POWERLINK
    *   reACTION Technology
        *   Programmierung in IEC 61131-3
        *   Anwendungsbeispiele
    *   Redundanz
    *   Sicherheitstechnik
    
*   Produkte
    
    *   Industrie PCs
        *   Automation PC 3100
        *   Automation PC 3100 mobile
        *   Automation PC 2200
        *   Automation PC 2100
        *   Automation PC 910
        *   Panel PC 3100 Multitouch
        *   Panel PC 3100 Singletouch
        *   Panel PC 2200 Multitouch
        *   Panel PC 2200 Singletouch
        *   Panel PC 2100 Multitouch
        *   Panel PC 2100 Singletouch
        *   Panel PC 1200
        *   Panel PC 900 Multitouch
        *   Panel PC 900 Singletouch
        *   Panel PC 2200 (AP5000) Tragarm Multitouch
        *   Panel PC 2200 (AP5000) Tragarm Singletouch
        *   Panel PC 2100 (AP5000) Tragarm Multitouch
        *   Panel PC 2100 (AP5000) Tragarm Singletouch
        *   Panel PC Hygienedesign Edelstahl
        *   Panel PC Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
    *   Visualisieren und Bedienen
        *   Automation Panel 5000 Tragarm Multitouch
        *   Automation Panel 5000 Tragarm Singletouch
        *   Automation Panel Multitouch
        *   Automation Panel Singletouch
        *   Automation Panel Hygienedesign Edelstahl
        *   Automation Panel Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
        *   Mobile Panel 7200
        *   Mobile Panel 7100
        *   Power Panel T-/C-Series
        *   Tastenmodule
        *   PANELWARE
        *   Panel Designer
    *   Steuerungssysteme
        *   X20 System
        *   X20 System coated
        *   X90 mobile Steuerungssystem
    *   I/O Systeme
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   XV System
    *   Vision Systeme
        *   Kamera
        *   Beleuchtung
        *   Zubehör
        *   Applikationen
    *   Sicherheitstechnik
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
    *   Antriebstechnik
        *   Neuheiten
        *   ACOPOSmicro
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
        *   ACOPOSmotor Compact
        *   ACOPOSinverter
        *   Servomotoren 8WSA
        *   Getriebemotoren 8WSB
        *   Synchronmotoren 8LVA
        *   Getriebemotoren 8LVB
        *   Synchronmotoren 8LWA
        *   Synchronmotoren 8LS
        *   Synchronmotoren 8LSN
        *   Synchronmotoren 8JSA
        *   Edelstahlservomotoren 8JS
        *   Synchronmotoren 8KS
        *   Torque Motoren 8LT
        *   Schrittmotoren 80MP
        *   Standard Planetengetriebe 8G
        *   Premium Planetengetriebe 8G
        *   Economy Planetengetriebe 8G
    *   Mechatronische Systeme
        *   Neuheiten
        *   ACOPOS 6D
        *   ACOPOStrak
        *   SuperTrak
        *   Tutorials
    *   Robotik
        *   Neuheiten
        *   Roboterportfolio
        *   Integration ohne Kompromisse
        *   mapp Robotics
    *   Mobile Automation
        *   Automation PC 3100 mobile
        *   Power Panel T50 mobile
        *   ISOBUS
    *   Netzwerke und Feldbus Module
    *   Software
        *   Automation Software
        *   mapp Technology
        *   Modellierung und Simulation
        *   Betriebssysteme
        *   Fernwartung
        *   Sonstiges
        *   Utilities / Tools
    *   Prozessleittechnik
        *   APROL APC
        *   APROL ConMon
        *   APROL EnMon
        *   APROL PDA
        *   APROL Hardware
        *   APROL Software
    *   Zubehör
    *   Lern- und Lehrmaterial
        *   ETA Systemfamilie
    
*   Service
    
    *   MyPortal
    *   Supportportal
    *   Material Return Portal
    *   Material Compliance
    *   Engineering Sample Regulations
    *   Software-Registrierung
    *   Remote Access
    *   Persönliche Uploads
    *   Online meeting
    *   Lieferanten
    *   Virtual Marking
    *   Cyber Security
    

*   **International**
*   **Europe**
*   **Asia**
*   **North America**
*   **South America**

*   **deutsch**
*   **english**
*   **español**

*   **Belgium** nederlands français
*   **Česká republika** český
*   **Danmark** dansk
*   **Deutschland** deutsch
*   **España** español
*   **France** français
*   **Italia** italiano
*   **Nederland** nederlands
*   **Österreich** deutsch
*   **Polska** polski
*   **Россия** русский
*   **Sverige** svenska
*   **Switzerland** deutsch français
*   **Türkiye** türkçe
*   **United Kingdom** english

*   **中国** 中文
*   **India** english
*   **日本** 日本語

*   **Canada** english
*   **México** español
*   **USA** english

*   **Brasil** português

*    Home
*   Service
*   Cyber Security

****Kontakt zum B&R Cyber Security Team****

Haben Sie eine Frage zur Cyber-Sicherheit von B&R-Produkten?  
Möchten Sie eine Schwachstelle oder ein Sicherheitsproblem in einem B&R-Produkt melden?  
Bitte senden Sie eine verschlüsselte E-Mail an _cybersecurity@br-automation.com_ unter Verwendung unseres PGP Schlüssels

****Anonymer Kontakt****

Sollte jemand eine Schwachstelle in Verbindung mit einem B&R Produkt entdecken und B&R nicht direkt kontaktieren wollen, empfehlen wir ICS CERT (https://www.kb.cert.org/vuls/report/), jede andere nationale CERT oder eine andere koordinierende Organisation zu kontaktieren.

**Cyber Security Guidelines**

**Cyber Security Advisories and Notices**

**Code Signing Certificates**

B&R Industrial Automation signiert die zur Verfügung gestellten Software-Entwicklungen. Damit kann sichergestellt werden, dass nur Produkte, welche gemäß unserer hohen Qualitäts- und Sicherheitsansprüchen geprüft wurden mit unserem Namen versehen sind. Die unten angeführten Code Signing Zertifikate für von B&R freigegebene Produkte ermöglichen es unseren Kunden, die Integrität und Authentizität der Software Entwicklungen zu verifizieren.

Valid from

Valid to

Fingerprint

Keyfile

01.07.2015

05.08.2016

2a2839fe1affb03e619e0e3f33e91ebc4fef3b62

Download file

26.07.2016

27.07.2018

b4d11977baae8827c8ff1d466969fd5f1b91bfe7

Download file

23.05.2018

23.05.2020

748aa0d710e6877921d2b67ceda9f7c4cafaf9ed

Download file

16.10.2018

23.05.2020

934b742c32b34e856370cc0f62251b3c64cc666e

Download file

29.04.2020

23.06.2022

d095488a2b2efb0440714f6b5baaa5e60e0c5604

Download file

15.04.2021

23.06.2022

13dd07b5d864ad8723fc3549e5eb0c01331e5734

Download file

06.05.2021

12.05.2022

58176987f97e357d0643013ca3900b74ecbb7630

Download file

22.10.2021

23.10.2022

48030051866e5e41022e123de6f00345cc5b83bb

Download file

21.10.2022

22.10.2023

8c5d6238f1698dfb1bc6e46576a447d3c2a19c99

Download file

Service

*   MyPortal
*   Supportportal
*   Material Return Portal
*   Material Compliance
*   Engineering Sample Regulations
*   Software-Registrierung
*   Remote Access
*   Persönliche Uploads
*   Online meeting
*   Lieferanten
*   Virtual Marking
*   **Cyber Security**

CVE-2022-4286: Cyber Security | B&R Industrial Automation

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**Kiitokset**

**CVE-2023-24573**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell Command | Integration Suite for Microsoft System Center, Product Security Information

08 helmik. 2023

Tag

#dell