#web

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause an out-of-bounds read past the end of an allocated structure while parsing specially crafted files, resulting in code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Solid Edge, a product development tool, are affected: Solid Edge: Versions prior to V223.0.11 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 Solid Edge is affected by an out-of-bounds read vulnerability that could be tr...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Heap-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Uncontrolled Resource Consumption, Improper Certificate Validation, Out-of-bounds Write, Use of Externally-Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute elevated actions, cause a denial-of-service, or execute arbitrary commands or code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens RUGGEDCOM APE1808, an applicati...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family Vulnerabilities: Use of Hard-coded Cryptographic Key, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to cause a denial-of-service condition or extract configuration information from a configuration backup file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2): All versions SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2): A...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 devices Vulnerabilities: Improper Certificate Validation, Cleartext Transmission of Sensitive Information, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Permissive List of Allowed Inputs, Relative Path Traversal, Improper Restriction of Excessive Authentication Attempts, Use of Externally-Controlled Format String, Access of Uninitialized Pointer, Out-of-bounds Write, Open Redirect, Improper Input Validation, Insertion of Sensitive Information into Log File, Heap-based Buffer Overflow, ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Cross-site Scripting, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code via the 'options' element or obtain access to unauthorized resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINEMA Remote Connect Server, a remote management platform, are affected: SINEMA Remote Connect Server: Versions prior to V3.2 SINEMA Remote Connect Server: Versions prior to V3.1 3.2 Vulnerability...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Softing edgeConnector are affected: Softing edgeConnector: Version 3.60 Softing edgeAggregator: Version 3.60 3.2 Vulnerability Overview 3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 The affected product is vulnerable to an absolute path traversal vulnerability, which may allow an attacker with admin privileges to write to a file or overwrite a file in the filesystem. CVE-2023-38126 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.2 CLEARTEXT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Siveillance Control Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to gain write privileges for objects where they only have read privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siveillance Control: Versions V2.8 and after until V3.1.1 3.2 Vulnerability Overview 3.2.1 INCORRECT AUTHORIZATION CWE-863 The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locall...

Artificial intelligence (AI) has been evolving as one of the top priorities for organizations because of the increasing volume of data being generated from core data centers to the edge. Similarly, the adoption of Kubernetes in the past 10 years has resulted in improved scalability, reliability and business resilience.While Kubernetes has resulted in immense benefits, operational management and security continue to be challenging. Managing software supply chain integrity, monitoring the security of container images and runtime environments and enforcing compliance policies can be overwhelming.

Malwarebytes Premium for Windows detected and blocked 100% of the malware samples used in AVLab's January evaluation.

By Deeba Ahmed Mikhail Vasiliev, a Russian-Canadian citizen faces four years in a Canadian prison and is likely to be extradited to the US after completing his sentence. This is a post from HackRead.com Read the original post: LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition