• 1
  • 2
  • 3 (current)
  • 4

Critical vulnerability has been discovered in the utilized component 499ES EtherNet/IP Stack by Real Time Automation (RTA).



A critical vulnerability has been discovered in the fdtCONTAINER component by M&M Software GmbH used by PACTware.
While de-serializing PACTware 5 project files (loading PW5 files) the vulnerability can be exploited to execute arbitrary code.



Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.



Several vulnerabilities have been discovered in the utilized component WIBU-SYSTEMS CodeMeter Runtime.

For detailed information please refer to WIBU-SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html



PACTware passwords are stored in a recoverable format (CVE-2020-9403)

PACTware passwords may be modified without knowing the current password (CVE-2020-9404)



Security researchers at ESET have reported a vulnerability called Kr00k (CVE-2019- 15126) which affects encrypted WiFi traffic for devices using Broadcom or Cypress chipsets. The vulnerability may allow an attacker to decrypt some WPA2- Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key (similar to KRACK vulnerability).



A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

See details on Microsoft's advisories:

CVE-2019-0708 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
CVE-2019-1181 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181)
CVE-2019-1182 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182)

Update A, 07.10.2019

  • Added CVE-2019-1181 + CVE-2019-1182 to Summary
  • Removed line "VisuNet RM Shell 5 devices and VisuNet PC devices running Windows 10 are not affected by this vulnerability." from Impact.
  • Added "RM Shell 5 devices" info to Solution



  • 1
  • 2
  • 3 (current)
  • 4

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0