#vulnerability

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE 1808 Vulnerabilities: Stack-based Buffer Overflow, Use of Password Hash With Insufficient Computational Effort, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code or commands via specially crafted CLI commands and access to decrypting the CLI backup file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens RUGGEDCOM APE1808: All versions with Fortinet NGFW 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFF...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE, RUGGEDCOM, SIPLUS, and SINEC Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow on-path attackers to gain access to the network with the attackers desired authorization without needing legitimate credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCOM CROSSBOW: All versions RUGGEDCOM i800: All versions RUGGEDCOM i800NC: All versions RUGGEDCOM i801: All versions RUGGEDCOM i801NC: Al...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization, JT2Go Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens JT2Go: Versions prior to v14.3.0.8 Siemens Teamcenter Visualization V14.1: Versions prior to v14.1.0.14 Siemens Teamcenter Visualization V14.2: Versions prior to v14.2.0.10 Siemens Teamcenter Visualization V14.3: Versions prior to v14.3.0.8 Siemens Teamcenter Visualizatio...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Incorrect Privilege Assignment, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation could allow an attacker to obtain user credentials, the MACSEC key, or create a remote shell to the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCOM i800: Versions prior to V4.3.10 (CVE-2023-52237) RUGGEDCOM i800NC: Versions prior to V4.3.10 (CVE-2023-52...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Remote Connect Server Vulnerabilities: Incorrect User Management, Unrestricted Upload of File with Dangerous Type, Forced Browsing, Improper Check for Unusual or Exceptional Conditions, Client-Side Enforcement of Server-Side Security, Incorrect Authorization, Creation of Temporary File With Insecure Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Type Confusion, Improper Restriction of Operations within the Bounds of a Memory Buffer, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Simcenter Femap: Versions prior to V2406 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out of bounds read...

Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit

**Why is the Red Hat Inc. the assigning CNA (CVE Numbering Authority)?** CVE-2024-6387 is regarding a vulnerability in OppenSSH's server (sshd). Red Hat created this CVE on its behalf.

At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update brings improvements in both security and performance, without requiring any changes to your existing invocation methods.

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It