MG Strategy+ - KasperskyThreat Landscape for Industrial Automation Systems H1 2018 – Kaspersky Lab ICS CERT

MG Strategy+

Cybersecurity Data Services

Join Now-Sign Up
Log In

Threat Landscape for Industrial Automation Systems H1 2018 – Kaspersky Lab ICS CERT

Editor Paper Extracts
Editor Picks Articles
Editor Picks Maps
Editor Picks Reports
MGS+ EPCM Workgroup
MGS+ ICS Workgroup
MGS+ Operational Efficiencies Workgroup
MGS+ Partners
Uncategorized

001 MGS Alerts Advisories

CVE-2023-2968 | JFrog proxy HTTP Request socket.remoteAddress undefined values
A vulnerability classified as critical was found in JFrog proxy. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation of the argument socket.remoteAddress leads to improper ... read more
CVE-2023-33975 | RIOT-OS up to 2023.01 6LoWPAN Frame memory corruption (GHSA-f6ff-g7mh-58q4)
A vulnerability, which was classified as very critical, was found in RIOT-OS up to 2023.01. Affected is an unknown function of the component 6LoWPAN Frame Handler. The manipulation leads to ... read more
CVE-2023-33656 | NanoMQ 0.17.2 message.c resource consumption (Issue 1164)
A vulnerability, which was classified as problematic, has been found in NanoMQ 0.17.2. This issue affects some unknown processing of the file message.c. The manipulation leads to resource consumption. The ... read more
CVE-2023-2836 | CRM Perks Forms Plugin bis 1.1.1 auf WordPress Cross Site Scripting
In CRM Perks Forms Plugin bis 1.1.1 für WordPress wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch Manipulieren mit unbekannten Daten kann eine Cross Site Scripting-Schwachstelle ausgenutzt ... read more
CVE-2022-48336 | Google Nexus 6 Widevine Trustlet PRDiagParseAndStoreData Pufferüberlauf
Eine kritische Schwachstelle wurde in Google Nexus 6 ausgemacht. Betroffen davon ist die Funktion PRDiagParseAndStoreData der Komponente Widevine Trustlet. Durch das Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. ... read more
CVE-2023-33923 | Multiple Themes Plugin auf WordPress Activation erweiterte Rechte
Es wurde eine kritische Schwachstelle in Multiple Themes Plugin für WordPress ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Activation Handler. Durch das Manipulieren mit unbekannten Daten kann eine ... read more
CVE-2023-24568 | Dell NetWorker autenticazione debole (dsa-2023-059)
Un punto critico di livello critico è stato rilevato in Dell NetWorker. É interessato una funzione sconosciuta. Per causa della manipolazione di un input sconosciuto se causa una vulnerabilità di ... read more
CVE-2023-2547 | Feather Login Page up to 1.1.1 on WordPress authorization
A vulnerability was found in Feather Login Page up to 1.1.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. ... read more
Frontegg launches entitlements engine to streamline access authorization
SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization.The new ... read more
Screen recording Android app found to be spying on users
A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might ... read more
Upskilling the non-technical: finding cyber certification and training for internal hires
Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of ... read more
Hackers hold city of Augusta hostage in a ransomware attack
BlackByte group has claimed responsibility for a ransomware attack on the city of Augusta in Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have ... read more
New phishing technique poses as a browser-based file archiver
A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according ... read more
Insider risk management: Where your program resides shapes its focus
There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, ... read more
CVE-2023-30350 | FS S3900-24T4S Privilege Escalation (ID 172124)
Eine Schwachstelle wurde in FS S3900-24T4S entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Durch die Manipulation mit unbekannten Daten kann eine Privilege Escalation-Schwachstelle ausgenutzt werden. ... read more
CVE-2023-31874 | Yank Note 3.52.1 File Privilege Escalation (ID 172535)
Es wurde eine Schwachstelle in Yank Note 3.52.1 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente File Handler. Durch Manipulation mit unbekannten Daten kann ... read more
Embedding Data In Point on a Graph: The Beauty and Power Of Elliptic Curves
Photo by Isaac Smith on UnsplashFew things protect your online environment like elliptic curvesOne of the most beautiful things in our on-line world is the elliptic curve. It is there whenever you ... read more
Researchers find new ICS malware toolkit designed to cause electric power outages
Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this ... read more
CVE-2022-48480 | Huawei EMUI/Magic UI buffer overflow
Un punto di criticita di livello problematico è stato rilevato in Huawei EMUI and Magic UI. Da questa vulnerabilità è interessato una funzione sconosciuta. La manipolazione di un input sconosciuto ... read more
CVE-2023-31226 | Huawei EMUI/Magic UI MediaPlaybackController Module erweiterte Rechte
Es wurde eine Schwachstelle in Huawei EMUI and Magic UI gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente MediaPlaybackController Module. Mit der Manipulation mit ... read more
CVE-2022-48480 | Huawei EMUI/Magic UI Pufferüberlauf
Eine problematische Schwachstelle wurde in Huawei EMUI and Magic UI ausgemacht. Davon betroffen ist unbekannter Code. Durch das Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. Auf consumer.huawei.com kann ... read more
CVE-2022-48478 | Huawei HarmonyOS Facial Recognition TA Pufferüberlauf
In Huawei HarmonyOS wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente Facial Recognition TA. Dank der Manipulation mit unbekannten Daten kann eine ... read more
CVE-2023-2817 | Craft CMS bis 4.4.11 Entries Page Cross Site Scripting
Eine Schwachstelle wurde in Craft CMS bis 4.4.11 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Entries Page. Dank Manipulation mit unbekannten Daten kann ... read more
CVE-2023-0116 | Huawei EMUI/Magic UI Reminder Module schwache Authentisierung
Es wurde eine Schwachstelle in Huawei EMUI and Magic UI entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Reminder Module. Durch Beeinflussen mit unbekannten ... read more
Ubuntu Security Notice USN-6054-2
Ubuntu Security Notice 6054-2 - USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Moataz Al-Sharida and nawaik discovered ... read more
WBCE CMS 1.6.1 Cross Site Scripting
WBCE CMS version 1.6.1 suffers from a cross site scripting vulnerability. ... read more
Debian Security Advisory 5411-1
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code. ... read more
Laravel 10.11 Database Disclosure / Information Disclosure
Laravel version 10.11 suffers from database disclosure and information leakage vulnerabilities. ... read more
Seagate Central Storage 2015.0916 User Creation / Command Execution
This Metasploit module exploits the broken access control vulnerability in Seagate Central External NAS Storage device. Subject product suffers several critical vulnerabilities such as broken access control. It makes it ... read more
Red Hat Security Advisory 2023-3319-01
Red Hat Security Advisory 2023-3319-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. ... read more
Debian Security Advisory 5413-1
Debian Linux Security Advisory 5413-1 - An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard ... read more
SCM Manager 1.60 Cross Site Scripting
SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability. ... read more
Ulicms 2023.1 Create Administrator
Ulicms version 2023.1 create administrator user via mass assignment exploit. ... read more
Red Hat Security Advisory 2023-3326-01
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which ... read more
Zenphoto 1.6 Cross Site Scripting
Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities. ... read more
Red Hat Security Advisory 2023-3325-01
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based ... read more
Ubuntu Security Notice USN-6109-1
Ubuntu Security Notice 6109-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A ... read more
Red Hat Security Advisory 2023-3323-01
Red Hat Security Advisory 2023-3323-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. ... read more
The Most Important Area of Cybersecurity? Perhaps Identity and Access Managment?
Photo by Vadim Bogulov on UnsplashMicrosoft EntraWhich area of cybersecurity that is often not talked about, but it is a actually one of the largest areas of development, and is core ... read more
CVE-2023-30615 | Iris fino 2.2.0 cross site scripting (GHSA-gc6j-6276-2m49)
Una vulnerabilità di livello problematico è stata rilevata in Iris fino 2.2.0. Riguarda una funzione sconosciuta. Per causa della manipolazione di un input sconosciuto se causa una vulnerabilità di classe ... read more
CVE-2023-33750 | mipjz 5.0.5 Description cross site scripting (Issue 15)
In mipjz 5.0.5 è stata rilevato un punto critico di livello problematico. Riguarda una funzione sconosciuta del file /index.php?s=/article/ApiAdminArticle/itemAdd. Attraverso l'influenza del parametro Description di un input sconosciuto per mezzo ... read more
CVE-2023-2362 | Bubble Menu Plugin fino 3.0.3 su WordPress page cross site scripting
In Bubble Menu Plugin fino 3.0.3 è stato trovato un punto critico di livello problematico. É interessato una funzione sconosciuta. Per causa della manipolazione del parametro page di un input ... read more
CVE-2023-26215 | TIBCO EBX Add-ons fino 4.5.16 rivelazione di un 'informazione
Un punto di criticita di livello problematico è stato rilevato in TIBCO EBX Add-ons fino 4.5.16. Da questa vulnerabilità è interessato una funzione sconosciuta. Attraverso la manipolazione di un input ... read more
CVE-2023-2900 | NFine Rapid Development Platform 20230511 /Login/CheckLogin crittografia debole
Un punto di criticita di livello problematico è stato rilevato in NFine Rapid Development Platform 20230511. Da questa vulnerabilità è interessato una funzione sconosciuta del file /Login/CheckLogin. Attraverso l'influenza di ... read more
CVE-2023-26216 | EBX Add-ons fino 4.5.16 escalazione di privilegi
Un punto di debole di livello problematico è stato rilevato in EBX Add-ons fino 4.5.16. É interessato una funzione sconosciuta. Mediante la manipolazione di un input sconosciuto conseguenza di una ... read more
CVE-2023-2903 | NFine Rapid Development Platform 20230511 GetGridJson escalazione di privilegi
È stata rilevata una vulnerabilità di livello problematico in NFine Rapid Development Platform 20230511. É interessato una funzione sconosciuta del file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. Mediante la manipolazione di un input sconosciuto conseguenza ... read more
CVE-2023-33192 | ntpd prima 0.3.3 su Rust NTS Cookie Length denial of service
In ntpd stata rilevata una vulnerabilità di livello problematico. Da questa vulnerabilità è interessato una funzione sconosciuta del componente NTS Cookie Length Handler. La manipolazione di un input sconosciuto se ... read more
CVE-2023-33279 | Store Commander scfixmyprestashop Module fino 2023-05-09 su PrestaShop HTTP Request sql injection
In Store Commander scfixmyprestashop Module fino 2023-05-09 stata rilevata una vulnerabilità di livello critico. Da questa vulnerabilità è interessato una funzione sconosciuta del componente HTTP Request Handler. Per causa della ... read more
CVE-2023-2901 | NFine Rapid Development Platform 20230511 GetGridJson escalazione di privilegi
Un punto di debole di livello problematico è stato rilevato in NFine Rapid Development Platform 20230511. É interessato una funzione sconosciuta del file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. La manipolazione di un input sconosciuto ... read more
CVE-2023-2902 | NFine Rapid Development Platform 20230511 GetTreeGridJson escalazione di privilegi
Una vulnerabilità di livello problematico è stata rilevata in NFine Rapid Development Platform 20230511. Riguarda una funzione sconosciuta del file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. Attraverso la manipolazione di un input sconosciuto per mezzo ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Tuesday, May 30, 2023

Disclaimer |
Terms |
Privacy
About-Services |
Blog-Reports
YouTube
Pinterest
LinkedIn
Twitter
LinkedIn
Twitter
Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?

Register Now

Hello

Your Account Type is
Your Mail Id is
Your Username is

PDF Library Search

Security Briefing Search

Kaspersky Search

Reset Password

Reset Password

You have no permission to access this content