#dos

Red Hat Security Advisory 2024-7868-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7867-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-7856-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7854-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: PSS SINCAL Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or kernel memory corruption on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected if WibuKey dongles are used: PSS SINCAL: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 An issue was discovered in WibuKey64.sys in WIB...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Sentron Powercenter 1000 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SENTRON Powercenter 1000 (7KN1110-0MC00): All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754 Prior to v7.4.0, Ember ZNet is vulnerable to a denial-of-service attack throug...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a limited denial-of-service condition, data loss, or information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products with Nozomi Guardian / CMC before 24.3.1 are affected: RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0): All versions RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1): All versions 3.2 Vulnerability Overview 3.2.1 INCORRECT AUTHORIZATION CWE-863 An access control vulnerability was disco...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerabilities: Use After Free, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve arbitrary code execution, cause a denial-of-service condition, or loss of confidentiality and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Zelio Soft 2 are affected: Zelio Soft 2: Versions prior to 5.4.2.2 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 A Use After Free vulnerability exists that could cause arbitrary code execution, denial-of-service and loss of confidentiality & integrity if an application user opens a malicious Zelio Soft 2 project file. CVE-2024-8422 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Compact GuardLogix, CompactLogix, ControlLogix, GuardLogix, 1756-EN4TR Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service on the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Logix Controllers, are affected: CompactLogix 5380: All versions later than v33.011 up to v33.015 Compact GuardLogix 5380: All versions later than v33.011 up to v33.015 CompactLogix 5480: All versions later than v33.011 up to v33.015 ControlLogix 5580: All versions later than v33.011 up to v33.015 GuardLogix 5580: All versions later than v33.011 up to v33.015 1756-EN4TR: Version v3.002 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 Due to a memory leak, a denial-of-service vulne...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted CIP message and cause a denial-of-service condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: ControlLogix 5580: Versions prior to V33.017, V34.014, V35.013, V36.011 ControlLogix 5580 Process: Versions prior to V33.017, V34.014, V35.013, V36.011 GuardLogix 5580: Versions prior to V33.017, V34.014, V35.013, V36.011 CompactLogix 5380: Versions prior to V33.017, V34.014, V35.013, V36.011 Compact GuardLogix 5380 SIL 2: Versions prior to V33.017, V34.014, V35.013, V36.011 Compact GuardLogix 5380 SIL 3: Versions prior to V33.017, V34.014, V35.013, V36.011 CompactLogix 5480: Versions prior to V33.017, V34.014, ...