Tag
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Accutech Manager Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Accutech Manager: Versions 2.08.01 and prior 3.2 Vulnerability Overview 3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120 A Classic Buffer Overflow vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. CVE-2024-6918 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.3 BACKGROUND ...
KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…
KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…
Many professionals juggle multiple document formats, leading to confusion and wasted time. Imagine a streamlined process that simplifies…
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…
Cybercriminals are targeting YouTube creators with sophisticated phishing attacks disguised as brand collaborations. Learn how to identify these scams, protect your data, and safeguard your online presence
Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.
Another day, another healthcare database misconfiguration exposing sensitive patient information.