#web

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack

A logo is more than just a visual element—it’s the cornerstone of your brand identity. It communicates your…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Fuji Electric's Monitouch V-SFT, a screen configuration software, is affected: Monitouch V-SFT: Version 6.2.3.0 and prior. 3.2 Vulnerability Overview 3.2.1 Out-of-bounds Write CWE-787 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage thi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS VS5Sim is a simulator of V-SFT Ver5 packaged with Fuji Electric Tellus Lite V-Simulator, a remote monitoring and operation software. The following versions are affected: Tellus Lite: Version 4.0.20.0 3.2 Vulnerability Overview 3.2.1 Out-of-bounds Write CWE-787 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64 Product Suite and Mitsubishi Electric MC Works64 Vulnerabilities: Uncontrolled Search Path Element, Dead Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ICONICS reports that the following versions of ICONICS and Mitsubishi Electric products are affected: GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): Versions prior to 10.97.3 (CVE-2024-8299 and CVE-2024-9852) GENESIS64: Version 10.97.2, 10.97.2 CFR1, 10.97.2 CFR2, and 10.97.3 (CVE-2024-8300) Mitsubishi Electric MC Works64: all versions (CVE-2024-8299, CVE-2024-9852) 3.2 Vulnerability Overview 3.2.1 Uncontrolled Search Path Element CWE-427 An uncontrolled search path element in the AlarmWorX64 MMX Phone agent can provide the potential for DLL hijacking and malicious code execution. CVE-202...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Open Automation Software Equipment: Open Automation Software Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing code with escalated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Open Automation Software, an HMI, SCADA, and IoT solution, are affected: Open Automation Software: prior to V20.00.0076 3.2 Vulnerability Overview 3.2.1 INCORRECT EXECUTION-ASSIGNED PERMISSIONS CWE-279 A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. CVE-2024-11220 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Missing Authentication for Critical Function, NULL Pointer Dereference, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain access to the management web interface or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: RUGGEDCOM APE1808: all ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ruijie Equipment: Reyee OS Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak Credentials, Improper Neutralization of Wildcards or Matching Symbols, Improper Handling of Insufficient Permissions or Privileges, Server-Side Request Forgery (SSRF), Use of Inherently Dangerous Function, Resource Leak 2. RISK EVALUATION Successful exploitation of this vulnerabilities could allow attackers to take near full control over the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Ruijie product is affected: Reyee OS: Versions 2.206.x up to but not including 2.320.x 3.2 Vulnerability Overview 3.2.1 Weak Password Recovery Mechanism for Forgotten Password CWE-640 Ruijie Reyee OS version...

## Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. * Versions affected: 1.6.0 * Not affected: < 1.6.0 * Fixed versions: 1.6.1 ## Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way: - the "noscript" element is explicitly allowed Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor) and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor) for more information on these configuration options. The default configuration is to disallow all of these element...

### Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. ### Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: ### PoC: Visit: `/loading?next=https://google.com` while authenticated. The page will redirect to google.com. ### Impact: This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites.