#perl

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPUs Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): Versions prior to V3.1.4 SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): Versions prior to V3....

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 and S7-1200 CPUs Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following SIMATIC S7-1500 and S7-1200 CPUs are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V3.1.4 SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V3.1.4 SIMATIC ET 200SP ...

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated. If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.

Ubuntu Security Notice 7058-1 - Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that .NET components designed to process malicious input were susceptible to hash flooding attacks. An attacker could possibly use this issue to cause a denial of service, resulting in a crash.

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

The BMS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the 'file' parameter in calendarFileDelete.php is not properly sanitised before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.