The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an authenticated state and return the session ID along with the username and plaintext password of the user. An attacker can then login with the provided credentials or supply the string 'IDALToken=......' in a cookie which will allow them to perform privileged operations such as restarting the service with /cgi/restart.
2617e6ac047295c7fb8c7aca613dea0e8f19f61ec746d1002bff8329b0e82b21
ABB HMI fails to perform any signature validation checking during two different transmission methods for upgrade.
39d7cecad6807940c328851d93368e198e19bde1cf6dc40359be5823c04e00ba
Debian Linux Security Advisory 4447-2 - DSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
a5902e9935ec54ff69e6f1affec6dc016f6d0b7266bea6bb48e254b1709dfc50
The IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.
97f45ac950dcf506a57f347833ae16de5edfa742a6d69f781cb6a6095d7d3ef0
FreeBSD Security Advisory - While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.
85f2ffcf89eae31c9b0babd62b1d66ae80b60a35fc0e3d2f7a258259db7a0aff
The affected ABB components implement hidden administrative accounts used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI.
641a46252f672912e5381d2076081a87e7c263f215b0495b1012cb8757b1ddd0
Ubuntu Security Notice 3977-3 - USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
ed317ae7b7c572f26093fb0c8c309ac718b0e8bf9fb78afb3394a3f341283421
The IDAL FTP server fails to ensure that directory change requests do not change to locations outside of the FTP servers root directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory with "cd ..". An authenticated attacker can traverse to arbitrary directories on the hard disk and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
00c2ac3a1ecb33776d1003c082f02f6355b49f02e6dd423c518718f20b434e76
Red Hat Security Advisory 2019-1587-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
987b58ef43f8bd96d39fc5779df1da0b6731fee650e8d6f95fdac81291447c8d
ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.
cad7c2fbbae341fd60776b4bb48d4026c7c1d00b91347c7ecd5ebdd509988332
This whitepaper details methodologies in relation to threat hunting.
b140c0a2d5b03908ec656abeeecb9c2639808c3de67bc648b07b4db3a813d8de
EA Origin versions prior to 10.5.38 suffer from a remote code execution vulnerability.
f0de366e5349b0d5f1a354e208bc594b56a06754395bb9d4404642b9aa5ddb7c
Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue.
c55130c9e5f99421d294ecdbfe9ae5d293d376a1e44de2a7c87a8cdbb44d7f1c
Trinity is a fully chained exploit for the PS Vita consisting of six unique vulnerabilities. It is based on a decade of knowledge and research. This is a long whitepaper detailing everything.
c63808c01ffe59a9a5db479fa0b4fd3ba8e4258c0342c35cd12be895642e85dc
The IDAL FTP server is vulnerable to a buffer overflow where a large string is sent by an authenticated attacker that causes a buffer overflow. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer causing an exception that terminates the server. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
e9908b2bf53d554da934fea45c01279a24ea790f35632602c380884910cf6d18