Skip to main content

CND News and Blog

Categories
Teams
Archives
Categories:   All Categories
Suggested keywords
x

New Vulnerabilities Thursday 23 June

Vulnerabilities 979 Hits 0 Comments


New Alerts for SMA Technologies, IBM, Hikvision, Bosch, CODESYS, and Linux.


SMA Technologies 

SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems.
More info.

IBM 

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. CVSSv3 score of 9.8
More info. And here.

Security vulnerabilities in third-party software have been addressed in IBM Cognos Analytics. Highest CVSSv3 score of 9.8
More info.

Hikvision 

The web module in some Hikvision Hybrid SAN/Cluster Storage products have insufficient input validation security vulnerabilities, allowing a remote attacker to execute restricted commands or cause a XSS attack. Highest CVSSv3 score of 7.5
More info.

Bosch 

Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch including an Improper Input Validation, an Improper Privilege Management and an Execution with Unnecessary Privileges vulnerability. These vulnerabilities can give root access and/or administrator privilege to the switch from the network. Note the CVEs identified date back to 2006, although only the 3 most recent CVEs are patched. Highest CVSSv3 score of 9.8
More info.

CODESYS 

CODESYS Gateway Server contains security vulnerabilities that allow an unauthenticated attacker to send crafted requests to cause the Server to allocate excessive memory or consume all available TCP client connections. Also, passwords are insufficiently checked during login. Highest CVSSv3 score of 9.8
More info.

CODESYS V2 products and CODESYS V3 products that communicate with V2 clients are affected by Unprotected Transport of Credentials and Insecure Default Initialization of Resource security vulnerabilities. The CODESYS V2 communication protocol transmits passwords unprotected. Also, password protection is not activated by default for the CODESYS Control runtime system V2. Highest CVSSv3 score of 9.8
More info.

Linux 

SUSE has updated the kernel and fwupdate. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts
Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

About the author

michele654

michele654

Subscribe to updates from author Unsubscribe to updates from author michele654
Author's recent posts
More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, 20 April 2024

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/