ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.
cad7c2fbbae341fd60776b4bb48d4026c7c1d00b91347c7ecd5ebdd509988332Gentoo Linux Security Advisory 201110-1 - Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Multiple vulnerabilities have been discovered in OpenSSL. Versions less than 1.0.0e are affected.
78e15ee61820730d1253f4cc3bcd9cf1a8a40d489e3ec6052c11cab2891af755Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.
afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bcUbuntu Security Notice 1003-1 - It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
b2e715ef6350c014f2ef81d22da60aa3be6b6ec9f0721564b45fce3833ccb3a8VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.
fdad8c6c91e0eabfe81a21d19d5f5d5ed52fdc1c4de978eea683eae1e3131b79HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).
4962704cafb19e0d8b33b253acee33bdfbeb5b80d6189aecbbfce46eafb25462Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.
11172d56889cc352548682b796e598baf6508870d7731f05c4647b445fbd3c72Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
1b59ceccf86720022917393ba8d2460f6083ecf14b3020ddf7d6270d3d69d8efHP Security Bulletin - Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
c857682698953533dc63f2a6dcb131ef084d3854fb472410abd958573610c961
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed