Total
261 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30262 | 1 Emerson | 4 Controlwave Micro, Controlwave Micro Firmware, Controlwave Pac and 1 more | 2022-08-19 | N/A | 7.8 HIGH |
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. | |||||
CVE-2022-31813 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2022-08-19 | 7.5 HIGH | 9.8 CRITICAL |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | |||||
CVE-2022-30264 | 1 Emerson | 10 Dl8000, Dl8000 Firmware, Fb3000 Rtu and 7 more | 2022-08-17 | N/A | 9.8 CRITICAL |
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations. | |||||
CVE-2020-1755 | 1 Moodle | 1 Moodle | 2022-08-17 | N/A | 5.3 MEDIUM |
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | |||||
CVE-2022-37008 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 7.5 HIGH |
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. | |||||
CVE-2022-29958 | 1 Jtekt | 34 Nano 10gx Tuc-1157, Nano 10gx Tuc-1157 Firmware, Nano Cpu Tuc-6941 and 31 more | 2022-08-03 | N/A | 9.8 CRITICAL |
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU. | |||||
CVE-2021-29462 | 1 Pupnp Project | 1 Pupnp | 2022-08-03 | 7.5 HIGH | 9.8 CRITICAL |
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. | |||||
CVE-2022-30272 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2022-08-02 | N/A | 7.2 HIGH |
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kernel, package, bundle, or application images can be installed. Firmware updates for the Front End Processor (FEP) module are performed via access to the SSH interface (22/TCP), where a .hex file image is transferred and a bootloader script invoked. File system, kernel, package, and bundle updates are supplied as RPM (RPM Package Manager) files while FEP updates are supplied as S-rec files. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. | |||||
CVE-2022-30269 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2022-08-02 | N/A | 8.8 HIGH |
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. | |||||
CVE-2021-26608 | 2 Handysoft, Microsoft | 2 Hshell, Windows | 2022-08-02 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | |||||
CVE-2022-34763 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2022-07-27 | N/A | 7.5 HIGH |
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
CVE-2022-31598 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-07-15 | 4.9 MEDIUM | 5.4 MEDIUM |
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
CVE-2015-5236 | 1 Icedtea-web Project | 1 Icedtea-web | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | |||||
CVE-2021-37188 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | |||||
CVE-2021-33840 | 1 Luca-app | 1 Luca | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. | |||||
CVE-2021-39689 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206090748 | |||||
CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | |||||
CVE-2021-30005 | 1 Jetbrains | 1 Pycharm | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. | |||||
CVE-2021-37421 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | |||||
CVE-2022-31801 | 2 Phoenixcontact, Phoenixcontact-software | 3 Multiprog, Proconos, Proconos Eclr | 2022-06-28 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. |