Bulletins

CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v3 6.9. ATTENTION: Exploitable remotely. Vendor: Schneider Electric. Equipment: System Monitor Application. Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute untrusted code. 3. TECHNICAL DETAILS …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v4 9.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: EcoStruxure IT Data Center Expert. Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Insufficient Entropy, Improper Control of Generation of Code ('Code Injection'), Server-Side Request …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v4 8.6. ATTENTION: Low attack complexity. Vendor: Lantronix. Equipment: Provisioning Manager. Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: DuraComm Corporation. Equipment: SPM-500 DP-10iN-100-MU. Vulnerabilities: Cleartext Transmission of Sensitive Information, Missing Authentication for a Critical Function, Improper Neutralization of Input During Web Page Generation. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v3 8.8. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation. Vendor: Schneider Electric. Equipment: EcoStruxure Power Operation. Vulnerabilities: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY: CVSS v4 5.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO). Vulnerability: Exposure of Resource to Wrong Sphere. 2. RISK EVALUATION: Successful exploitation of this vulnerability could provide other authenticated users with …
US CERT
07/21/2025
Summary. Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect …
SIEMENS CERT
07/21/2025
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack are vulnerable to a denial-of-service attack through specially crafted ICMP packets. A successful attack will impact the availability …