Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.
For the mGuard Device Manager only the mdm Installer for Windows is affected.
FL MGUARD and TC MGUARD devices are affected by a possible infinite loop within a OpenSSL library method for parsing elliptic curve parameters. This method is used on parsing cryptographic certificates that contain elliptic curve public keys in compressed form, which may occur on:
Attackers could try to exploit the vulnerability from remote.
For the mGuard Device Manager only the mdm Installer for Windows is affected.
UPDATE A: Added FL MGUARD 1102 and FL MGUARD 1105:
On FL MGUARD 1102 and FL MGUARD 1105 with mGuardNT 1.5.2 and older, the device can
be affected through an adapted certificate. This can occur on connection with a remote logging
server, configured for certificate authentication, or an remote authentication server at certificate
based authentication.
PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2.
This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.
Firmware components in version 2021.06 had already been updated. For the 2022.0 LTS version more firmware components have been updated implicitly fixing the vulnerabilities listed. The vulnerabilities listed above have not been individually verified in terms of actual impact and/or limitations in combination with the affected products listed. The current LTS release 2022.0 LTS contains updates of integrated third-party libraries, SDKs and other third-party software to address these issues nevertheless.
UPDATE A (April 4th, 2022): Added RFC 4072 (Art. No. 1051328) and fixed affected version of AXC F 3152
Several vulnerabilities have been discovered in the Expat XML parser library (aka libexpat).
This open-source component is widely used in a lot of products worldwide.
A remote, anonymous attacker could use an integer overflow to execute arbitrary program code when loading specially crafted XML files.
Profinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was fixed in SharpZipLib version 1.3.3.
The user management of the FL SWITCH 2xxx family of devices implements access rights based on roles and permission groups. An unprivileged user logged in via the SSH CLI is assigned to the admin role independent of his configured access role enabling full access to the device configuration (CWE-266 - Incorrect Privilege Assignment).
User Management via SSH was first introduced with firmware version 3.00. Firmware versions other than 3.00 are not affected by this vulnerability.
The TCP/IP stack and of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED.
The abovementioned BLUEMARK printers are discontinued and only impacted by a subset of 8 of the 13 discovered vulnerabilities.
Cross-site scripting in web-based management and memory leak in the remote logging function of FL MGUARD 1102 and FL MGUARD 1105.
CVE-2021-34582:
The file upload functionality in the web-based management is affected by a stored cross-site scripting vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation). An authenticated FL MGUARD user with Admin or Super Admin role can upload a certificate file on the Basic settings > LDAP page, on the Logs > Remote logging page, or through the REST API. The content of this file is embedded into the corresponding web page, and any
HTML code within the file is rendered when the page is viewed by the same or a different authenticated user.
CVE-2021-34598:
The remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active (CWE-770: Allocation of Resources Without Limits or Throttling).