#dos

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the application to crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The user would need to restart the application to recover from the denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following FactoryTalk Transaction Manager products: FactoryTalk Transaction Manager: versions 13.10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 A denial-of-service vulnerability exists in the affected products. A threat actor could send a modified packet to port 400 exploit this vulnerability. If exploited, the application could crash or experience a h...

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

**Is the update for YARP 2.0 currently available?** The security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

**How do I get the update for a Windows App?** The Microsoft Store will automatically update affected customers. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Note that Process Monitor is only available as part of an MSIX package called Sysinternals Suite.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

**How do I get the update for a Windows App?** The Microsoft Store will automatically update affected customers. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Note that Process Monitor is only available as part of an MSIX package called Sysinternals Suite.

**Is the update for YARP 2.0 currently available?** The security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.