One Article Review
| Source |  SecurityWeek |
|---|---|
| Identifiant | 512180 |
| Date de publication | 2018-03-14 03:00:02 (vue: 2018-03-14 03:00:02) |
| Titre | SAP Patches Decade-Old Flaws With March 2018 Patches |
| Texte | SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products. A total of 10 Security Notes were included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released Security Notes. SAP this month included 17 Support Package Notes in the Security Patch Day, for a total of 17 Security Notes, ERPScan (a company that specializes in securing Oracle and SAP applications) reports. 11 of the Notes were released after the second Tuesday of the last month and before the second Tuesday of this month. The most severe of the Security Notes addresses three vulnerabilities in SAP Internet Graphics Server (IGS) and carries a High priority rating (CVSS Base Score: 8.8). The bugs include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remot |
| Notes | |
| Envoyé | Oui |
| Condensat | 2018 addressed all april arghire arghire:sap async attacks attackscritical backdoor bay campaign certificatesnew ciso columns com/js/plusone conference correspondent createelement cyber cyberespionage day decade distrust document february flaws forum function getelementsbytagname google half high https://apis ics industry insertbefore international ionut january light linked links march moon muddywater new news oceanlotus oct old parentnode patch patches previous publishes recent register related: resolves risk root sap script securenvoy security securityweek securmailfirefox singapore spies sponsored src symantec tags: text/javascript true; tweet type usa use var vulnerabilities |
| Tags | |
| Stories | APT 32 |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ressemble à 2 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
|
2018-03-14 16:39:02 | (Déjà vu) Microsoft Patches Remote Code Execution Flaw in CredSSP (lien direct) | A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target system. The authentication provider, Microsoft explains, processes authentication requests for other applications, meaning that the vulnerability puts all applications that depend on CredSSP at risk. Preempt, which discovered the bug, explains | APT 32 | ||
|
2018-03-29 05:54:04 | (Déjà vu) Severe Vulnerabilities Expose MicroLogix PLCs to Attacks (lien direct) | >Rockwell Automation has released patches and mitigations for several potentially serious vulnerabilities discovered by Cisco Talos researchers in its Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs).
According to Cisco Talos, the vulnerabilities can be exploited for denial-of-service (DoS) attacks, modifying a device's configuration and ladder logic, and writing or removing data on its memory module.
Since these controllers are typically used in industrial environments, including in critical infrastructure organizations, exploitation of the flaws could result in significant damage, Talos said.
The most serious of the flaws, based on their CVSS score of 10, are a series of access control issues that have been assigned a dozen CVE identifiers. A remote and unauthenticated attacker can exploit these vulnerabilities to obtain sensitive information, modify a device's settings, or change its ladder logic – all by sending specially crafted packets.
While exploiting many of these flaws requires that the controller's keyswitch is in REMOTE or PROG position, reading the master password and the master ladder logic works regardless of the keyswitch setting.
Learn More at SecurityWeek's ICS Cyber Security Conference
Another potentially serious flaw is CVE-2017-12088, which allows a remote attacker to cause the controller to enter a fault state and potentially delete ladder logic by sending specially crafted packets to the Ethernet port.
DoS vulnerabilities also exist in the device's program download and firmware update functionality, but these have been assigned only a “medium severity” rating.
Other issues considered less serious include a file-write vulnerability affecting a memory module, and a DoS flaw related to the session connection functionality.
While a CVE identifier has been assigned to the session communication bug, Rockwell says the system actually works as intended and no patches or mitigations are required.
Rockwell Automation has released firmware updates that address some of these flaws. The company has also proposed a series of mitigations that include migrating to more recent series of the MicroLogix 1400 controller, setting the keyswitch to “Hard Run” to prevent unauthorized changes to the device, and disabling impacted services.
Cisco has publi |