This could allow an authenticated low privileged user to achieve privilege escalation. The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.Ī vulnerability has been identified in SINEC NMS (All versions). ![]() The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. related ET200 CPUs and SIPLUS variants) (All versions = 4.2). SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. Was ZDI-CAN-16777.Ī vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions = V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions = V2.0), SIMATIC CP 1543-1 (All versions = V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions = V2.0), SIMATIC CP 1543-1 (All versions = V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions = V9.11 = V3.3.0 = V3.3.0 = V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. ![]() The specific flaw exists within the handling of Annotation objects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.7. The specific flaw exists within the handling of Doc objects. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.5. ![]() The specific flaw exists within the handling of ADBC objects. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |