CVE-2023-23447
via "National Vulnerability Database".
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface.
CVE-2022-47378
via "National Vulnerability Database".
Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
CVE-2022-22508
via "National Vulnerability Database".
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
CVE-2023-23448
via "National Vulnerability Database".
Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.
CVE-2023-31409
via "National Vulnerability Database".
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests.
CVE-2023-22684
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <= 1.5.3 versions.
CVE-2022-47390
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47393
via "National Vulnerability Database".
An authenticated, remote attacker may use an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
CVE-2023-23445
via "National Vulnerability Database".
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface.
CVE-2022-47388
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47385
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47381
via "National Vulnerability Database".
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2023-31408
via "National Vulnerability Database".
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user's browsers local storage via cross-site-scripting attacks.
CVE-2022-47391
via "National Vulnerability Database".
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service.
CVE-2022-47386
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47383
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47379
via "National Vulnerability Database".
An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-4048
via "National Vulnerability Database".
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.
Breach at US Transportation Department exposes 240,000 employee records
via "ITPro".
An investigation is underway into the breach, which affected former and current employee data.
Microsoft Advisories Are Getting Worse
via "Dark Reading".
A predictable patch cadence is nice, but the software giant can do more.
TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline
via "Dark Reading".
US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation.