#web

By Waqas The data breach does not include passwords or financial data. This is a post from HackRead.com Read the original post: Samsung Data Breach: Hackers Steal Data of UK Customers

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: Desigo CC product family Vulnerabilities: Buffer Over-Read, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected by vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime: Desigo CC product family V5.0: All versions Desigo CC product family V5.1: All versions Desigo ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo Vulnerabilities: Missing Authentication for Critical Function, SQL Injection, Permissive Cross-domain Policy with Untrusted Domains, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents, execute SQL statements, trick a legitimate user to trigger unwanted behavior, and inject Javascript code into the application that is later executed by another legitimate user. 3. TECHNICAL DETAILS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal, Out-of-bounds Write, Out-of-bounds Read, Integer Overflow or Wraparound, Use After Free, Heap-based Buffer Overflow, Cleartext Transmission of Sensitive Information, Classic Buffer Overflow, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, data infiltration, or perform access control violations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODU...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC PNI Vulnerabilities: Improper Input Validation, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, a denial-of-service condition, or perform buffer overflows. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SINEC PNI: Versions prior to V2.0 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 .NET and Visual Studio Information Disclosure Vulnerability. CVE-2022-30184 has been assigned to this vulnera...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: Sixnet RTU Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute commands with high privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Red Lion products are affected: ST-IPm-8460: Firmware 6.0.202 and later ST-IPm-6350: Firmware version 4.9.114 and later VT-mIPm-135-D: Firmware version 4.9.114 and later VT-mIPm-245-D: Firmware version 4.9.114 and later VT-IPm2m-213-D: Firmware version 4.9.114 and later VT-IPm2m-113-D: Firmware version 4.9.114 and later 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATIVE PATH OR CHANNEL CWE-288 Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix 7, Mendix 8, Mendix 9, Mendix 10 Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to access or modify objects without proper authorization or escalate privileges in the context of the vulnerable app. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Mendix Applications, are affected: Mendix Applications using Mendix 7: all versions prior to V7.23.37 Mendix Applications using Mendix 8: all versions prior to V8.18.27 Mendix Applications usi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC UA Modeling Editor (SiOME) Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens OPC UA Modeling Editor (SiOME), are affected: OPC UA Modelling Editor (SiOME): versions prior to V2.8 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 ...