MG Strategy+

Cybersecurity Data Services

 
  • Join Now-Sign Up
  • Log In

Threat Landscape for Industrial Automation Systems H1 2018 – Kaspersky Lab ICS CERT

  • Editor Paper Extracts
  • Editor Picks Articles
  • Editor Picks Maps
  • Editor Picks Reports
  • MGS+ EPCM Workgroup
  • MGS+ ICS Workgroup
  • MGS+ Operational Efficiencies Workgroup
  • MGS+ Partners
  • Uncategorized

001 MGS Alerts Advisories

  • CVE-2023-2968 | JFrog proxy HTTP Request socket.remoteAddress undefined values
    A vulnerability classified as critical was found in JFrog proxy. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation of the argument socket.remoteAddress leads to improper ... read more
  • CVE-2023-33975 | RIOT-OS up to 2023.01 6LoWPAN Frame memory corruption (GHSA-f6ff-g7mh-58q4)
    A vulnerability, which was classified as very critical, was found in RIOT-OS up to 2023.01. Affected is an unknown function of the component 6LoWPAN Frame Handler. The manipulation leads to ... read more
  • CVE-2023-33656 | NanoMQ 0.17.2 message.c resource consumption (Issue 1164)
    A vulnerability, which was classified as problematic, has been found in NanoMQ 0.17.2. This issue affects some unknown processing of the file message.c. The manipulation leads to resource consumption. The ... read more
  • CVE-2023-2836 | CRM Perks Forms Plugin bis 1.1.1 auf WordPress Cross Site Scripting
    In CRM Perks Forms Plugin bis 1.1.1 für WordPress wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch Manipulieren mit unbekannten Daten kann eine Cross Site Scripting-Schwachstelle ausgenutzt ... read more
  • CVE-2022-48336 | Google Nexus 6 Widevine Trustlet PRDiagParseAndStoreData Pufferüberlauf
    Eine kritische Schwachstelle wurde in Google Nexus 6 ausgemacht. Betroffen davon ist die Funktion PRDiagParseAndStoreData der Komponente Widevine Trustlet. Durch das Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. ... read more
  • CVE-2023-33923 | Multiple Themes Plugin auf WordPress Activation erweiterte Rechte
    Es wurde eine kritische Schwachstelle in Multiple Themes Plugin für WordPress ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Activation Handler. Durch das Manipulieren mit unbekannten Daten kann eine ... read more
  • CVE-2023-24568 | Dell NetWorker autenticazione debole (dsa-2023-059)
    Un punto critico di livello critico è stato rilevato in Dell NetWorker. É interessato una funzione sconosciuta. Per causa della manipolazione di un input sconosciuto se causa una vulnerabilità di ... read more
  • CVE-2023-2547 | Feather Login Page up to 1.1.1 on WordPress authorization
    A vulnerability was found in Feather Login Page up to 1.1.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. ... read more
  • Frontegg launches entitlements engine to streamline access authorization
    SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization.The new ... read more
  • Screen recording Android app found to be spying on users
    A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might ... read more
  • Upskilling the non-technical: finding cyber certification and training for internal hires
    Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of ... read more
  • Hackers hold city of Augusta hostage in a ransomware attack
    BlackByte group has claimed responsibility for a ransomware attack on the city of Augusta in Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have ... read more
  • New phishing technique poses as a browser-based file archiver
    A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according ... read more
  • Insider risk management: Where your program resides shapes its focus
    There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, ... read more
  • CVE-2023-30350 | FS S3900-24T4S Privilege Escalation (ID 172124)
    Eine Schwachstelle wurde in FS S3900-24T4S entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Durch die Manipulation mit unbekannten Daten kann eine Privilege Escalation-Schwachstelle ausgenutzt werden. ... read more
  • CVE-2023-31874 | Yank Note 3.52.1 File Privilege Escalation (ID 172535)
    Es wurde eine Schwachstelle in Yank Note 3.52.1 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente File Handler. Durch Manipulation mit unbekannten Daten kann ... read more
  • Embedding Data In Point on a Graph: The Beauty and Power Of Elliptic Curves
    Photo by Isaac Smith on UnsplashFew things protect your online environment like elliptic curvesOne of the most beautiful things in our on-line world is the elliptic curve. It is there whenever you ... read more
  • Researchers find new ICS malware toolkit designed to cause electric power outages
    Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this ... read more
  • CVE-2022-48480 | Huawei EMUI/Magic UI buffer overflow
    Un punto di criticita di livello problematico è stato rilevato in Huawei EMUI and Magic UI. Da questa vulnerabilità è interessato una funzione sconosciuta. La manipolazione di un input sconosciuto ... read more
  • CVE-2023-31226 | Huawei EMUI/Magic UI MediaPlaybackController Module erweiterte Rechte
    Es wurde eine Schwachstelle in Huawei EMUI and Magic UI gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente MediaPlaybackController Module. Mit der Manipulation mit ... read more
  • CVE-2022-48480 | Huawei EMUI/Magic UI Pufferüberlauf
    Eine problematische Schwachstelle wurde in Huawei EMUI and Magic UI ausgemacht. Davon betroffen ist unbekannter Code. Durch das Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. Auf consumer.huawei.com kann ... read more
  • CVE-2022-48478 | Huawei HarmonyOS Facial Recognition TA Pufferüberlauf
    In Huawei HarmonyOS wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente Facial Recognition TA. Dank der Manipulation mit unbekannten Daten kann eine ... read more
  • CVE-2023-2817 | Craft CMS bis 4.4.11 Entries Page Cross Site Scripting
    Eine Schwachstelle wurde in Craft CMS bis 4.4.11 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Entries Page. Dank Manipulation mit unbekannten Daten kann ... read more
  • CVE-2023-0116 | Huawei EMUI/Magic UI Reminder Module schwache Authentisierung
    Es wurde eine Schwachstelle in Huawei EMUI and Magic UI entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Reminder Module. Durch Beeinflussen mit unbekannten ... read more
  • Ubuntu Security Notice USN-6054-2
    Ubuntu Security Notice 6054-2 - USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Moataz Al-Sharida and nawaik discovered ... read more
  • WBCE CMS 1.6.1 Cross Site Scripting
    WBCE CMS version 1.6.1 suffers from a cross site scripting vulnerability. ... read more
  • Debian Security Advisory 5411-1
    Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code. ... read more
  • Laravel 10.11 Database Disclosure / Information Disclosure
    Laravel version 10.11 suffers from database disclosure and information leakage vulnerabilities. ... read more
  • Seagate Central Storage 2015.0916 User Creation / Command Execution
    This Metasploit module exploits the broken access control vulnerability in Seagate Central External NAS Storage device. Subject product suffers several critical vulnerabilities such as broken access control. It makes it ... read more
  • Red Hat Security Advisory 2023-3319-01
    Red Hat Security Advisory 2023-3319-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. ... read more
  • Debian Security Advisory 5413-1
    Debian Linux Security Advisory 5413-1 - An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard ... read more
  • SCM Manager 1.60 Cross Site Scripting
    SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability. ... read more
  • Ulicms 2023.1 Create Administrator
    Ulicms version 2023.1 create administrator user via mass assignment exploit. ... read more
  • Red Hat Security Advisory 2023-3326-01
    Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which ... read more
  • Zenphoto 1.6 Cross Site Scripting
    Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities. ... read more
  • Red Hat Security Advisory 2023-3325-01
    Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based ... read more
  • Ubuntu Security Notice USN-6109-1
    Ubuntu Security Notice 6109-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A ... read more
  • Red Hat Security Advisory 2023-3323-01
    Red Hat Security Advisory 2023-3323-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. ... read more
  • The Most Important Area of Cybersecurity? Perhaps Identity and Access Managment?
    Photo by Vadim Bogulov on UnsplashMicrosoft EntraWhich area of cybersecurity that is often not talked about, but it is a actually one of the largest areas of development, and is core ... read more
  • CVE-2023-30615 | Iris fino 2.2.0 cross site scripting (GHSA-gc6j-6276-2m49)
    Una vulnerabilità di livello problematico è stata rilevata in Iris fino 2.2.0. Riguarda una funzione sconosciuta. Per causa della manipolazione di un input sconosciuto se causa una vulnerabilità di classe ... read more
  • CVE-2023-33750 | mipjz 5.0.5 Description cross site scripting (Issue 15)
    In mipjz 5.0.5 è stata rilevato un punto critico di livello problematico. Riguarda una funzione sconosciuta del file /index.php?s=/article/ApiAdminArticle/itemAdd. Attraverso l'influenza del parametro Description di un input sconosciuto per mezzo ... read more
  • CVE-2023-2362 | Bubble Menu Plugin fino 3.0.3 su WordPress page cross site scripting
    In Bubble Menu Plugin fino 3.0.3 è stato trovato un punto critico di livello problematico. É interessato una funzione sconosciuta. Per causa della manipolazione del parametro page di un input ... read more
  • CVE-2023-26215 | TIBCO EBX Add-ons fino 4.5.16 rivelazione di un 'informazione
    Un punto di criticita di livello problematico è stato rilevato in TIBCO EBX Add-ons fino 4.5.16. Da questa vulnerabilità è interessato una funzione sconosciuta. Attraverso la manipolazione di un input ... read more
  • CVE-2023-2900 | NFine Rapid Development Platform 20230511 /Login/CheckLogin crittografia debole
    Un punto di criticita di livello problematico è stato rilevato in NFine Rapid Development Platform 20230511. Da questa vulnerabilità è interessato una funzione sconosciuta del file /Login/CheckLogin. Attraverso l'influenza di ... read more
  • CVE-2023-26216 | EBX Add-ons fino 4.5.16 escalazione di privilegi
    Un punto di debole di livello problematico è stato rilevato in EBX Add-ons fino 4.5.16. É interessato una funzione sconosciuta. Mediante la manipolazione di un input sconosciuto conseguenza di una ... read more
  • CVE-2023-2903 | NFine Rapid Development Platform 20230511 GetGridJson escalazione di privilegi
    È stata rilevata una vulnerabilità di livello problematico in NFine Rapid Development Platform 20230511. É interessato una funzione sconosciuta del file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. Mediante la manipolazione di un input sconosciuto conseguenza ... read more
  • CVE-2023-33192 | ntpd prima 0.3.3 su Rust NTS Cookie Length denial of service
    In ntpd stata rilevata una vulnerabilità di livello problematico. Da questa vulnerabilità è interessato una funzione sconosciuta del componente NTS Cookie Length Handler. La manipolazione di un input sconosciuto se ... read more
  • CVE-2023-33279 | Store Commander scfixmyprestashop Module fino 2023-05-09 su PrestaShop HTTP Request sql injection
    In Store Commander scfixmyprestashop Module fino 2023-05-09 stata rilevata una vulnerabilità di livello critico. Da questa vulnerabilità è interessato una funzione sconosciuta del componente HTTP Request Handler. Per causa della ... read more
  • CVE-2023-2901 | NFine Rapid Development Platform 20230511 GetGridJson escalazione di privilegi
    Un punto di debole di livello problematico è stato rilevato in NFine Rapid Development Platform 20230511. É interessato una funzione sconosciuta del file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. La manipolazione di un input sconosciuto ... read more
  • CVE-2023-2902 | NFine Rapid Development Platform 20230511 GetTreeGridJson escalazione di privilegi
    Una vulnerabilità di livello problematico è stata rilevata in NFine Rapid Development Platform 20230511. Riguarda una funzione sconosciuta del file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. Attraverso la manipolazione di un input sconosciuto per mezzo ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Tuesday, May 30, 2023

  • Disclaimer |
  • Terms |
  • Privacy
  • About-Services |
  • Blog-Reports
  • YouTube
  • Pinterest
  • LinkedIn
  • Twitter
  • LinkedIn
  • Twitter
  • Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?
Register Now

Hello

  • Your Account Type is
  • Your Mail Id is
  • Your Username is

PDF Library Search

Security Briefing Search

Kaspersky Search

Reset Password

Reset Password

You have no permission to access this content