CVE-2022-33316
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.
CVE-2022-2179
via "National Vulnerability Database".
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
CVE-2022-33944
via "National Vulnerability Database".
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter "Device ID," which accepts arbitrary device IDs.
CVE-2022-34047
via "National Vulnerability Database".
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-33315
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.
CVE-2022-33318
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute arbitrary malicious code by sending specially crafted packets to the GENESIS64 server.
CVE-2022-29834
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.
CVE-2022-1264
via "National Vulnerability Database".
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
CVE-2022-34045
via "National Vulnerability Database".
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE-2022-34046
via "National Vulnerability Database".
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
CVE-2022-34150
via "National Vulnerability Database".
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
CVE-2022-33320
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes.
CVE-2022-1766
via "National Vulnerability Database".
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue.
CVE-2022-33317
via "National Vulnerability Database".
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes.
CVE-2022-2107
via "National Vulnerability Database".
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner's mobile number.
CVE-2022-33319
via "National Vulnerability Database".
Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server.
What is SIEM? How It Works, Best Practices for Implementation & More
Digitalguardian
Learn about Security Information and Event Management or SIEM, how an organization can get the most out of its SIEM technology and best practices for implementing a solution in this blog.
Mutare Voice Network Threat Survey Shows Nearly Half of Organizations Experienced Vishing or Social Engineering Attacks in Past Year
via "Dark Reading".
Unsecured voice traffic, skyrocketing adoption of Teams-centric enterprise collaboration tools widen enterprise cybersecurity gaps and increase risk of breach.
What InfoSec Pros Can Teach the Organization About ESG
via "Dark Reading".
Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers.
Data-Centric Security Market Worth $12.3B by 2027 - Exclusive Report by MarketsandMarkets™
via "Dark Reading".
Feds Recoup $500K From Maui Ransomware Gang
via "Dark Reading".
Law enforcement hopes that returning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business."