
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.



%PDF-1.5 %���� 345 0 obj << /Length 1846 /Filter /FlateDecode >> stream xڽY\[S�F~�W�Q���{\_m��R�P�$�I� lJe˱e�}�^d$\[D�V��w.{η7�8xw@�?H��@R�@�������"�jf{�>mSL)R��f\\"Q��O�$8\*��?�eT叕�X!� " )�q�^�% G��\`��- JRS<�4�j��>8�p��4\\\\H�Vj�����(����|��tp��6�sC�c%@ˀb�J���X,W�gHQ�/O߾�ET�����E��p\`�BDAQ��e:\\�zaV޻�l^@%�7C�<� 8ښ\`L,����S8\\�t�#8L��<+�t����+�9�u��E� �R�cI��)ʃ��r���xP�E�Q,e Dl�W��C���@���Yt#�������A�9����b�NJ���ћ^$��FSa�y�K7�n���Gq�gä� o�QR�� 0��-\`P�𷟎��H�������+7�N:e��\_z��7\*e��GB\_��;\[� �Q�T�t���Ĵ��\[\*^�d����6+W�m��z�b\*�!^�c�YH�B1HC�^���8��og��)��K�����9�Exm�XLF��ؤ�"/�i����Z�B�\]k�A�M:(�\[;�����\_�Ԉ�ˆi@������5ڶ�Ӽ��tJ5hs�̴(M�&y�U����,�f

CVE-2023-31409

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

%PDF-1.7 %���� 1 0 obj <>/Metadata 358 0 R/ViewerPreferences 359 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��Wmo�F���؏�J^�ݻ�)�$�SO��4�):E8\`JL�����Θ�����\\������<3;t����6���s\\���k>"W�A����/��E6�̳rR�;��ĩ�l�/�\]r���yj���������s� 0N���xä!N�Y��֯?�y��0����\_�í#�Y��y?�ƹ!�����{���ջ^>��d�� ♷dp�n�ʆ �2�I����'cXz�� >'���%�2��n��6�1k��GpG�CO��,f�>=+��ѧ�&��;� ���ʔs�w=�$�2^ѿ��v-m�Z�����O�(��Q�i N??�Hz���E�� �Ł�� �cV>Y

CVE-2022-4048

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

%PDF-1.7 %���� 1 0 obj <>/Metadata 375 0 R/ViewerPreferences 376 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��WmoG���؏{�no�\_"��M�(���"Y8\*�Q|��O��́S�p� Gk�\`w��yf��g��e1�MG9;K΋"}��d��ŧd�Ȓ��d:O�i>O�������l�鐋^�$�}K&�����g��w�@�q� �IC����ڭ\_ �vk3���\_��֓Ѭ�J^��IfH/'?o�^�d�6�'�^\`� �K��(m�,����d8����~(�sr�n )�>���v��9�,�%�o!�ȋ"�U��\*ϋo1=�Yϸ��0�ɵ�Ly����\*���6�FC����\] @��և�Y��9zŚ�#���o-ņ^/��<�t��H�\[t�3+��,��K���+!\*� ���-�!�oJ�4���|���\]����c$�/�9�m�u���t>!4�ǿ����� �q�Q��3Υ�\\Ù5���m��x�S��P@W�N,�6m�9&�\[h��,ԣ�a�Vי\]3��@�D�7�\]) �Tm����.�ϩ��l�ѻE�h�B����FQ,�j9�<-@�X�\`(�Z�Q<�;Y֣�0'\_�Ȁ�@����q���њ�e��8��ΑM>8%�e~G��HG�o3��PW8kZ����R\\r\_�����M�i��r��8���2G�}�~��|7�G�|Ar�\_A��O���I�K) �b��4̓����x��w0hm��7%���+x��C�8���� �w���R�e���%s5(�T5oWp�U��1�\_ ̫�� l+ہ|f�4� G�d��'��I�����lU�n"��X�b��t��}��t ڕGq��W�=��̄:(��9Ҩe��(���c�x�桎�����o��0�i��x�e�H�����Y;�

CVE-2022-22508

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

%PDF-1.7 %���� 1 0 obj <>/Metadata 365 0 R/ViewerPreferences 366 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��W�n�6�o�������U�cV4��EP���b�S�ny��ee�b�Lj9 dQ�{ν�������ܤ���\*}���7,f�{ÇYֻHo'yZM��7��\\ׯY:���Cr|�'��!����?����Ys�v�xBt����\*N�&e����ɻ�e?���\[|Ì%�i��{?Mo3MN ������R��&�ɼ�C|z�IBC�7��mp" ��ĉ�B�!0r��烤���y�s��3���b�ט�Xr��hp�qQUŴ٧gEQ�|�j��2��,�4�TZ��.�J"�PZ���\*����(���U�M��$���0R� �,��j�0��y��E��9�َ�����F<Y�Yn,�Gs+9o�ɿn�86u48���CS�E3\]���|����� fi���������i~K�,���?'!8�n��MxS�1�5����\\���?4�$\\�G.#q�l��\]¹��kK?Z�Z6k���b�Y����}SHy!�kh-��b�\\��Љ��ڜ���i�4�d�0����6���H��!��l�GZ��,L�7S�$�H9x����8|Z��2�:!��G���RcuT�.��@����xX񙢧~})��O�|W�1�C>��ӕ�"w�g�J�~\[�ڦ�lL�7��5v��l\]SBo����������s��|վ,83T־\]��+۷+8�}f��f4f��:+3e����\]�8�t���ר^�߸B��4K�< \`�}���kwZ��+�������,�V�\*�¶d�2���)�I,�0��g;�j��\_2U���s\*81(�j$q��-+��-�K�-/�6�nݣ�Aь��e\]>;5�{��D�1ƭV��Zw3�"�H���z���gR5���;���D��I�,��}�X\*g%�������P�V���,���F�\_�եk!e�I�U�x��v (�\\��N��6{7\`l�ѝ�p�,�����0K��G�b9���ef5���42��8A��=�b��܁-�-g\*���k��m��j�$��tK������eF\`��5u��WV��u����Q\] �g��iс��<� ��G�X�t��戛����e�r?��J ?ɏ�� endstream endobj 5 0 obj <> stream ����JFIF\`\`��JExifMM\*2:(\`\`��XICC\_PROFILEHLinomntrRGB XYZ � 1acspMSFTIEC sRGB���-HP cprtP3desc�lwtpt�bkptrXYZgXYZ,bXYZ@dmndTpdmdd��vuedL�view�$lumi�meas$tech0rTRC<gTRC<bTRC<textCopyright (c) 1998 Hewlett-Packard CompanydescsRGB IEC61966-2.1sRGB IEC61966-2.1XYZ �Q�XYZ XYZ o�8��XYZ b����XYZ $����descIEC http://www.iec.chIEC http://www.iec.chdesc.IEC 61966-2.1 Default RGB colour space - sRGB.IEC 61966-2.1 Default RGB colour space - sRGBdesc,Reference Viewing Condition in IEC61966-2.1,Reference Viewing Condition in IEC61966-2.1view��\_.���\\�XYZ L VPW�meas�sig CRT curv #(-27;@EJOTY^chmrw|������������������������� %+28>ELRY\`gnu|����������������&/8AKT\]gqz������������!-8COZfr~���������� -;HUcq~��������� +:IXgw��������'7HYj{�������+=Oat�������2FZn�������  % : O d y � � � � � �  ' = T j � � � � � �"9Qi������\*C\\u����� & @ Z t � � � � �.Id���� %A^z���� &Ca~����1Om����&Ed����#Cc����'Ij����4Vx���&Il����Ae����@e���� Ek���\*Qw���;c���\*R{���Gp���@j���>i���  A l � � �!!H!u!�!�!�"'"U"�"�"�# #8#f#�#�#�$$M$|$�$�% %8%h%�%�%�&'&W&�&�&�''I'z'�'�( (?(q(�(�))8)k)�)�\*\*5\*h\*�\*�++6+i+�+�,,9,n,�,�--A-v-�-�..L.�.�.�/$/Z/�/�/�050l0�0�11J1�1�1�2\*2c2�2�3 3F33�3�4+4e4�4�55M5�5�5�676r6�6�7$7\`7�7�88P8�8�99B99�9�:6:t:�:�;-;k;�;�<'

CVE-2022-47391

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

%PDF-1.7 %���� 1 0 obj <>/Metadata 373 0 R/ViewerPreferences 374 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��Wmo�6�n���>RD�\]dH�$밢�u(�"Pm%�\`K�"o�Oڿ�Qv�,�L���@6ES���{t읗��.�Tpv�;��t�9��Mo\\,?�Əˬ�.���i5+��h���S?f�4+�}��w=2p������0���� '�;�NS��\*N��2�v~��ng3���\[?Ì�ɢ��^����a�l�^�+E��O���Wu�w��mp��Z��T(����z�j�����G���\\�6/1�k�� ��!�EU��^E�5�/v�R�v8�5M��W\*�����\*�hBi �� ��\[�n��^�7d�v%�2�E��\_GŚ\\��k)��ky$�-:pf�OA��f�\_�jn%�K9��wMSg�����\*,�ź>���y�3��c�-������X��4������(���;�Fo��cB1��f���~�^�A��&1x�e?g�����-�\\\[��h9k٬Q!��2���<�:��+�����-�цr����Љ�!�\[��J�s��F�$�Y��Ȓ ��1��IV˩���7Y�ֳw��(!�(9x��~p9��њ�e�!5.�H���N��,�H����8C��9 ��yz/߭>�g>��}j��0����3C�aa���SA��s�N���� ��n��L�Z;������ǡ�o������o|����p.��@����ZFm�� �nm�t�!;�@3G�|���m�p;THG �)O T���3�V \*}�V͇'Ω�\`��b�щ���JiKf(�E;��ڎ�qP4�څ�l��H������s\\㫕nW�q��42���p}Br�cR5��ww��$��s$HZeQ���b�t!<޶%�%�G�!�8��ğ<�\`1�m�m�0�����d�F1v�������N�+�~H�9a�Qی�ʧ۫�Ot>�y�i��AG�s��0˭��\`����#G�z\*�\`

CVE-2022-47390

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

2023-05-15 10:00 (CEST) VDE-2023-007  

**WAGO: Unauthenticated command execution via Web-based-management**  
Share: Email | Twitter  

**Published**

2023-05-15 10:00 (CEST)

**Last update**

2023-05-08 16:11 (CEST)

**Vendor(s)**

WAGO GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

751-9301

Compact Controller CC100

FW20 <= FW22

751-9301

Compact Controller CC100

\= FW23

752-8303/8000-002

Edge Controller

\= FW22

750-81xx/xxx-xxx

PFC100

FW20 <= FW22

750-81xx/xxx-xxx

PFC100

\= FW23

750-82xx/xxx-xxx

PFC200

FW20 <= FW22

750-82xx/xxx-xxx

PFC200

\= FW23

762-5xxx

Touch Panel 600 Advanced Line

\= FW22

762-6xxx

Touch Panel 600 Marine Line

\= FW22

762-4xxx

Touch Panel 600 Standard Line

\= FW22

**Summary**

The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.

**CVE ID**

**Last Update:**

May 4, 2023, 9:18 a.m.

**Severity**

**Weakness**

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')  (CWE-78) 

**Summary**

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

**Details**

**Impact**

Exploiting the vulnerability provides arbitrary command execution with privileges of the 'www' user. Via this flaw an attacker can change device configuration, create users or even take over the system.

**Solution**

**Mitigation**

As general security measures strongly WAGO recommends:

1.  Use general security best practices to protect systems from local and network attacks.
2.  Do not allow direct access to the device from untrusted networks.
3.  Update to the latest firmware according to the table in chapter solutions.
4.  Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.

The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security\_compendium.pdf).

**Remediation**

Wago recommends all effected users to update to the firmware version listed below:

Article No°

Product Name

Fixed Version

751-9301

Compact Controller CC100

FW24

752-8303/8000-002

Edge Controller

FW22 Patch 1 or higher patch level

752-8303/8000-002

Edge Controller

FW24

750-81xx/xxx-xxx

PFC100

FW22 Patch 1 or higher patch level

750-81xx/xxx-xxx

PFC100

FW24

750-82xx/xxx-xxx

PFC200

FW22 Patch 1 or higher patch level

750-82xx/xxx-xxx

PFC200

FW24

762-5xxx

Touch Panel 600 Advanced Line

FW22 Patch 1 or higher patch level

762-5xxx

Touch Panel 600 Advanced Line

FW24

762-6xxx

Touch Panel 600 Marine Line

FW22 Patch 1 or higher patch level

762-6xxx

Touch Panel 600 Marine Line

FW24

762-4xxx

Touch Panel 600 Standard Line

FW22 Patch 1 or higher patch level

762-4xxx

Touch Panel 600 Standard Line

FW24

**Reported by**

The vulnerability was reported by Quentin Kaiser from ONEKEY.  
Coordination done by CERT@VDE.

CVE-2023-1698: VDE-2023-007 | CERT@VDE

One long-awaited security move caused a ripple effect in the cybercrime ecosystem.

Ever since Microsoft decided to block Office macros by default, threat actors have been forced to evolve, adopting new methods for delivering malware at an unprecedented rate.

For a long time, threat actors have used malicious Microsoft Office macros to get a hook inside of their target's computers. It was for that reason that, in 2022, Microsoft finally — though unevenly — began blocking macros by default on files downloaded from the Internet.

Now, without their favorite toy, hackers are having to come up with new ways to get their malware where they want it to go.

"In a lot of ways, they're just kind of throwing spaghetti at the wall to see what sticks," says Selena Larson, author of a new report on the trend. "The energy that they're spending to create new attack chains is really unique," and cyber defenders are going to have to keep up.

**How Attackers Have Adjusted**

Rarely has such a simple policy change made such a big difference in the cybercrime landscape. In 2021, the year of Microsoft's announcement, researchers from Proofpoint tracked well beyond a thousand malicious campaigns utilizing macros.

In 2022 — the year the policy change took effect — macro-enabled attacks plummeted 66%. Thus far in 2023, macros have all but disappeared in cyberattacks.

In their place, hackers need some other solution. Container files emerged as a popular alternative last year, allowing attackers to bypass Microsoft's "mark-of-the-Web" tag for files downloaded from the Internet. Once Microsoft addressed that workaround, however, such files went the way of the macro.

Since then, hackers have been searching for their new golden goose.

For example, in H2 2022, Proofpoint researchers observed a significant rise in HTML smuggling — slipping an encoded script through an HTML attachment. In 2023, good ol' PDFs have proven a popular file format for attackers. And last December, some malicious campaigns began utilizing Microsoft's notes-taking app OneNote as a means for delivering their malware. By January, dozens of threat actors piled onto the trend, and, in recent months, over 120 campaigns have made use of OneNote.

Nothing has stuck, though. "We haven't seen anything that has the same type of durability as the macro-enabled attachment," Larson says.

**What This Means for Security Teams**

"Attackers are having to be more creative now, which presents more opportunities for them to screw up or make mistakes," Larson says.

Still, forcing cybercriminals out of their comfort zone comes with a cost. "The speed and the rate and scope of the changes that they're making — all the different attack chains that they're experimenting with — stands out," she says.

And so, cyber defenders will have to move equally fast to keep up. "We're having to be proactive to threat actor behavior and come up with new detections and rules and such, because threat actors are trying different ways to bypass existing detections," she says.

Organizations, too, will need to keep up-to-date with the latest trends. Take security trainings: "I know that a lot of the time, people are trained on macro-enabled documents. Now you have to make your users aware of the new PDF methods and use real-world examples of potential threats to incorporate into security training," she says.

"But from an overall, holistic security viewpoint, I don't think there's anything that needs to drastically change, as long as you are ensuring that users are aware," Larson says. "Just being, like, 'Hey, look out for this type of thing!'"

How Cybercriminals Adapted to Microsoft Blocking Macros by Default

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-23169: GitHub - S4nshine/CVE-2023-23169

 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.




CVE-2023-2664: A stack-overflow in xpdf4.04 - forum.xpdfreader.com

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.




**Description**  
There exists FPE in ImageStream::ImageStream(Stream\*, int, int, int) at xpdf-4.04/xpdf/Stream.cc:370:23.It's a division-by-zero error.  
**My test program**  
pdfimages  
**Command and argument**  
./pdfimages poc-file /dev/null

poc-file is attached.  
**ASAN Info**

Code: Select all

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==2894348==ERROR: AddressSanitizer: FPE on unknown address 0x000000798907 (pc 0x000000798907 bp 0x0c0c000005a7 sp 0x7ffd7d2a6b50 T0)
        #0 0x798907 in ImageStream::ImageStream(Stream*, int, int, int) /root/target/latest/20230404/xpdf-4.04/xpdf/Stream.cc:370:23
        #1 0x4f8e3c in ImageOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int, int) /root/target/latest/20230404/xpdf-4.04/xpdf/ImageOutputDev.cc:324:18
        #2 0x604d02 in Gfx::doImage(Object*, Stream*, int) /root/target/latest/20230404/xpdf-4.04/xpdf/Gfx.cc:4621:7
        #3 0x5aff8e in Gfx::opXObject(Object*, int) /root/target/latest/20230404/xpdf-4.04/xpdf/Gfx.cc:4104:2
        #4 0x5d7c8b in Gfx::execOp(Object*, Object*, int) /root/target/latest/20230404/xpdf-4.04/xpdf/Gfx.cc:862:3
        #5 0x5d6c68 in Gfx::go(int) /root/target/latest/20230404/xpdf-4.04/xpdf/Gfx.cc:747:12
        #6 0x5d5598 in Gfx::display(Object*, int) /root/target/latest/20230404/xpdf-4.04/xpdf/Gfx.cc:669:3
        #7 0x77583e in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, int (*)(void*), void*) /root/target/latest/20230404/xpdf-4.04/xpdf/Page.cc:422:10
        #8 0x774d48 in Page::display(OutputDev*, double, double, int, int, int, int, int (*)(void*), void*) /root/target/latest/20230404/xpdf-4.04/xpdf/Page.cc:368:3
        #9 0x7890a1 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /root/target/latest/20230404/xpdf-4.04/xpdf/PDFDoc.cc:442:27
        #10 0x7892d8 in PDFDoc::displayPages(OutputDev*, int, int, double, double, int, int, int, int, int (*)(void*), void*) /root/target/latest/20230404/xpdf-4.04/xpdf/PDFDoc.cc:460:5
        #11 0x4fc0e4 in main /root/target/latest/20230404/xpdf-4.04/xpdf/pdfimages.cc:156:10
        #12 0x7f4cb41b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
        #13 0x44b69d in _start (/root/target/latest/20230404/xpdf-4.04/install_map16/bin/pdfimages+0x44b69d)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: FPE /root/target/latest/20230404/xpdf-4.04/xpdf/Stream.cc:370:23 in ImageStream::ImageStream(Stream*, int, int, int)
    ==2894348==ABORTING

**Source Code**

Code: Select all

    ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
      int imgLineSize;
    
      str = strA;
      width = widthA;
      nComps = nCompsA;
      nBits = nBitsA;
    
      nVals = width * nComps;
      inputLineSize = (nVals * nBits + 7) >> 3;
      if (width > INT_MAX / nComps ||
          nVals > (INT_MAX - 7) / nBits) {
        // force a call to gmallocn(-1,...), which will throw an exception
        inputLineSize = -1;
      }
      ......
    Omit remaining code
      ......
    }

**Version**  
xpdf:4.04

Tag

#pdf