GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressedâ€� MODBUS register can be used to gain unauthorized information. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. Zafiyet ile ilgili Genel Bilgi, Etki ve…
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective…
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. Zafiyet ile ilgili…
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the…
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Devamını Oku
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.…