What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
CVE.webp 2023-10-27 20:15:09 CVE-2023-5828 (lien direct) Une vulnérabilité a été trouvée dans Nanning Ontall Longxing Industrial Development Zone Construction et Système de gestion de l'installation jusqu'en 20231026. Il a été déclaré critique.Cette vulnérabilité est une fonctionnalité inconnue du fichier Login.aspx.La manipulation de l'argument tbxusername conduit à l'injection de SQL.L'attaque peut être lancée à distance.L'exploit a été divulgué au public et peut être utilisé.L'identifiant associé de cette vulnérabilité est VDB-243727.
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.		 Vulnerability Threat Industrial
CVE.webp 2023-10-13 13:15:11 CVE-2023-29464 (lien direct) FactoryTalk Linx, dans le Rockwell Automation PanelView Plus, permet à un acteur de menace non authentifié de lire les données de la mémoire via des paquets malveillants fabriqués.L'envoi d'une taille supérieure à la taille du tampon entraîne une fuite de données de la mémoire, ce qui entraîne une divulgation d'informations.Si la taille est suffisamment grande, elle fait que les communications sur le protocole industriel commune ne répondent pas à tout type de paquet, entraînant un déni de service à FactoryTalk Linx sur le protocole industriel commun.
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.		 Threat Industrial
CVE.webp 2023-09-06 00:15:07 CVE-2023-4485 (lien direct) Ardeg & acirc; & nbsp ;? Sistema Scada Central Versions 2.203 et antérieure La page de connexion est vulnérable à une attaque d'injection de SQL aveugle non authentifiée.Un attaquant pourrait manipuler la logique de requête SQL de l'application \\ pour extraire des informations sensibles ou effectuer des actions non autorisées dans la base de données.Dans ce cas, la vulnérabilité pourrait permettre à un attaquant d'exécuter des requêtes SQL arbitraires via la page de connexion, conduisant potentiellement à un accès non autorisé, à une fuite de données ou même à la perturbation des processus industriels critiques.
ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application\'s SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.		 Vulnerability Industrial
CVE.webp 2023-07-26 18:15:11 CVE-2023-3242 (lien direct) L'allocation des ressources sans limites ou étranglement, une mauvaise vulnérabilité d'initialisation dans l'automatisation industrielle de B & amp;
Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: 		Vulnerability Industrial
CVE.webp 2023-06-21 13:15:09 CVE-2022-3372 (lien direct) Il existe une vulnérabilité CSRF sur NetMan-204 version 02.05.Un attaquant pourrait réussir à modifier les mots de passe de l'administrateur via une contrefaçon de demande de site croisé en raison du manque de validation appropriée sur le jeton CRSF.Cette vulnérabilité pourrait permettre à un attaquant distant d'accéder au panneau administrateur, en mesure de modifier différents paramètres qui sont critiques pour les opérations industrielles.
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.		 Vulnerability Industrial
CVE.webp 2023-05-12 14:15:09 CVE-2023-1934 (lien direct) Le système PNPSCADA, un produit de SDG Technologies CC, est affligé par une vulnérabilité d'injection de postgresql non authentifiée non authentifiée.Présent dans le point de terminaison HitLogcsv.JSP, ce défaut de sécurité permet aux attaquants non authentifiés de s'engager avec la base de données sous-jacente de manière transparente et passive.Par conséquent, les acteurs malveillants pourraient accéder à des informations vitales, telles que le système de contrôle industriel (ICS) et les données OT, aux côtés d'autres enregistrements sensibles comme les journaux SMS et SMS.L'accès à la base de données non autorisés expose les systèmes compromis à la manipulation potentielle ou à la violation des données d'infrastructure essentielles, mettant en évidence la gravité de cette vulnérabilité.
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.		 Industrial
CVE.webp 2023-04-14 12:15:07 CVE-2023-1617 (lien direct) Vulnérabilité d'authentification incorrecte dans B & amp; r Automatisation industrielle B & amp; r VC4 (modules VNC-Server). & Acirc; & nbsp;Cette vulnérabilité peut permettre à un attaquant basé sur le réseau non authentifié de contourner le mécanisme d'authentification de la visualisation VC4 sur les appareils affectés.L'impact de cette vulnérabilité dépend des fonctionnalités fournies dans la visualisation. Ce problème affecte B & amp; R VC4: de 3. * à 3.96.7, de 4.0 * à 4.06.7, de 4.1 * à 4.16.3, de 4.2 * à 4.26.8, de 4.3 * à 4.34,6, de4.4 * à 4.45.1, de 4,5 * à 4.45.3, de 4,7 * à 4,72,9.
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.		 Vulnerability Industrial
CVE.webp 2023-02-07 17:15:11 CVE-2022-41312 (lien direct) A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:11 CVE-2022-41313 (lien direct) A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:10 CVE-2022-40224 (lien direct) A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:10 CVE-2022-41311 (lien direct) A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:10 CVE-2022-40693 (lien direct) A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:10 CVE-2022-40691 (lien direct) An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Vulnerability Guideline Industrial
CVE.webp 2023-02-02 06:15:08 CVE-2022-33323 (lien direct) Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. Vulnerability Industrial
CVE.webp 2023-01-20 07:15:15 CVE-2023-20038 (lien direct) A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. Vulnerability Industrial
CVE.webp 2023-01-20 07:15:15 CVE-2023-20037 (lien direct) A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Vulnerability Industrial
CVE.webp 2022-12-13 22:15:09 CVE-2022-2660 (lien direct) Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. Industrial
CVE.webp 2022-12-13 16:15:21 CVE-2022-33235 (lien direct) Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Industrial
CVE.webp 2022-12-13 16:15:21 CVE-2022-33268 (lien direct) Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:21 CVE-2022-33238 (lien direct) Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25702 (lien direct) Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25695 (lien direct) Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25711 (lien direct) Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25692 (lien direct) Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25685 (lien direct) Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:18 CVE-2022-25682 (lien direct) Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Industrial
CVE.webp 2022-12-13 16:15:17 CVE-2022-25677 (lien direct) Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Industrial
CVE.webp 2022-12-13 16:15:17 CVE-2022-25681 (lien direct) Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Industrial
CVE.webp 2022-12-13 16:15:17 CVE-2022-25675 (lien direct) Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Industrial
Last update at: 2024-05-18 14:08:02
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter