Malware Devil

Friday, July 2, 2021

ESB-2021.2305 – [RedHat] OpenShift Container Platform 4.5.41: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2305
OpenShift Container Platform 4.5.41 security update
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: OpenShift Container Platform 4.5.41
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
               Increased Privileges -- Existing Account
               Create Arbitrary Files -- Existing Account
               Delete Arbitrary Files -- Remote with User Interaction
               Denial of Service -- Remote/Unauthenticated
               Cross-site Request Forgery -- Remote with User Interaction
               Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21645 CVE-2021-21644 CVE-2021-21643
           CVE-2021-21642 CVE-2020-27223 CVE-2020-27218
           CVE-2020-27216

Reference: ASB-2021.0095
           ASB-2021.0086
           ESB-2021.2286
           ESB-2021.2275

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2431

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.5.41 security update
Advisory ID: RHSA-2021:2431-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2431
Issue date: 2021-07-01
CVE Names: CVE-2020-27216 CVE-2020-27218 CVE-2020-27223
           CVE-2021-21642 CVE-2021-21643 CVE-2021-21644
           CVE-2021-21645
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.5.41 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of [[Important]]. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.5 – noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.5.41. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2021:2430

Security Fix(es):

* jenkins-2-plugins/config-file-provider: Does not configure its XML parser
to prevent XML external entity (XXE) attacks. (CVE-2021-21642)

* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)

* jetty: buffer not correctly recycled in Gzip Request inflation
(CVE-2020-27218)

* jetty: request containing multiple Accept headers with a large number of
“quality” parameters may lead to DoS (CVE-2020-27223)

* jenkins-2-plugins/config-file-provider: Does not correctly perform
permission checks in several HTTP endpoints. (CVE-2021-21643)

* jenkins-2-plugins/config-file-provider: does not require POST requests
for an HTTP endpoint, resulting in a cross-site request forgery (CSRF)
vulnerability. (CVE-2021-21644)

* jenkins-2-plugins/config-file-provider: Does not perform permission
checks in several HTTP endpoints. (CVE-2021-21645)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Placeholder bug for OCP 4.5.41 rpm release (BZ#1972114)

4. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1891132 – CVE-2020-27216 jetty: local temporary directory hijacking vulnerability
1902826 – CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation
1934116 – CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of “quality” parameters may lead to DoS
1952146 – CVE-2021-21642 jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.
1952148 – CVE-2021-21643 jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
1952151 – CVE-2021-21644 jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
1952152 – CVE-2021-21645 jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
1972114 – Placeholder bug for OCP 4.5.z rpm release

6. Package List:

Red Hat OpenShift Container Platform 4.5:

Source:
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.src.rpm
jenkins-2-plugins-4.5.1623326336-1.el7.src.rpm
jenkins-2.277.3.1623846768-1.el7.src.rpm
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el7.src.rpm
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.src.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.src.rpm

noarch:
jenkins-2-plugins-4.5.1623326336-1.el7.noarch.rpm
jenkins-2.277.3.1623846768-1.el7.noarch.rpm
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm
openshift-ansible-test-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm

ppc64le:
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.ppc64le.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.ppc64le.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.ppc64le.rpm

s390x:
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.s390x.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.s390x.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.s390x.rpm

x86_64:
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.x86_64.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.x86_64.rpm
openshift-clients-redistributable-4.5.0-202106011407.p0.git.297a4ac.el7.x86_64.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.5:

Source:
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.src.rpm
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el8.src.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.src.rpm
openshift-kuryr-4.5.0-202106011407.p0.git.75cc301.el8.src.rpm

noarch:
openshift-kuryr-cni-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm
openshift-kuryr-common-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm
openshift-kuryr-controller-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm
python3-kuryr-kubernetes-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm

ppc64le:
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.ppc64le.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.ppc64le.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.ppc64le.rpm

s390x:
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.s390x.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.s390x.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.s390x.rpm

x86_64:
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.x86_64.rpm
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.x86_64.rpm
openshift-clients-redistributable-4.5.0-202106011407.p0.git.297a4ac.el8.x86_64.rpm
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-27216
https://access.redhat.com/security/cve/CVE-2020-27218
https://access.redhat.com/security/cve/CVE-2020-27223
https://access.redhat.com/security/cve/CVE-2021-21642
https://access.redhat.com/security/cve/CVE-2021-21643
https://access.redhat.com/security/cve/CVE-2021-21644
https://access.redhat.com/security/cve/CVE-2021-21645
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


ESB-2021.2299 – GitLab Community Edition and GitLab Enterprise Edition: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2299
GitLab Security Release 14.0.2, 13.12.6, and 13.11.6
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: GitLab Community Edition
         GitLab Enterprise Edition
Publisher: GitLab
Operating System: Windows
                  UNIX variants (UNIX, Linux, OSX)
                  Virtualisation
Impact/Access: Cross-site Request Forgery -- Remote with User Interaction
               Cross-site Scripting -- Remote with User Interaction
               Denial of Service -- Existing Account
               Provide Misleading Information -- Remote with User Interaction
               Access Confidential Data -- Remote/Unauthenticated
               Unauthorised Access -- Existing Account
               Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22223

Original Bulletin:
https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/

- --------------------------BEGIN INCLUDED TEXT--------------------

Jul 1, 2021 – Costel Maxim

GitLab Security Release: 14.0.2, 13.12.6, and 13.11.6

Learn more about GitLab Security Release: 14.0.2, 13.12.6, and 13.11.6 for
GitLab Community Edition (CE) and Enterprise Edition (EE).

Today we are releasing versions 14.0.2, 13.12.6, and 13.11.6 for GitLab
Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that
all GitLab installations be upgraded to one of these versions immediately.

GitLab releases patches for vulnerabilities in dedicated security releases.
There are two types of security releases: a monthly, scheduled security
release, released a week after the feature release (which deploys on the 22nd
of each month), and ad-hoc security releases for critical vulnerabilities. For
more information, you can visit our security FAQ. You can see all of our
regular and security release blog posts here. In addition, the issues detailing
each vulnerability are made public on our issue tracker 30 days after the
release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to
customers or that host customer data are held to the highest security
standards. As part of maintaining good security hygiene, it is highly
recommended that all customers upgrade to the latest security release for their
supported version. You can read more best practices in securing your GitLab
instance in our blog post.

Table of Fixes

Title                                                                Severity
-------------------------------------------------------------------  --------
DoS using Webhook connections                                        high
CSRF on GraphQL API allows executing mutations through GET requests  high
Private projects information disclosure                              medium
Denial of service of user profile page                               medium
Single sign-on users not getting blocked                             medium
Some users can push to Protected Branch with Deploy keys             medium
A deactivated user can access data through GraphQL                   medium
Reflected XSS in release edit page                                   medium
Clipboard DOM-based XSS                                              medium
Stored XSS on Audit Log                                              medium
Forks of public projects by project members could leak codebase      medium
Improper text rendering                                              medium
HTML Injection in full name field                                    low
Update Nokogiri                                                      low
Update Mattermost                                                    medium
Update Redis                                                         medium
Update Rdoc                                                          medium
Update libxml2                                                       medium
Update Rails gem                                                     medium

DoS using Webhook connections

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, and
13.11.6. The GitLab Webhook feature could be abused to perform denial of
service attacks. This is a high severity issue
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, 7.7). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks afewgoats for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

CSRF on GraphQL API allows executing mutations through GET requests

A cross-site request forgery vulnerability in the GraphQL API in GitLab since
version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to
call mutations as the victim. This is a high severity issue
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N, 7.1). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks 0xn3va for reporting this vulnerability through our HackerOne bug bounty
program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.
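The Jenkins config-file-provider finding in the bulletin above (an endpoint that did not require POST, CVE-2021-21644) and this GraphQL finding share one root cause: a state-changing operation reachable over GET, which a browser will issue cross-site with the victim's session cookie attached. The Ruby below is an added example and not GitLab's or the Jenkins plugin's code: a stdlib-only, Rack-compatible guard that identifies which GraphQL operation a GET request selects and refuses anything that is not a read-only query. The `GraphQLGetGuard` module, the `Middleware` class and the `/api/graphql` path are assumptions made for the illustration.

```ruby
# Added example (not GitLab's code): refuse GraphQL mutations that arrive over
# HTTP GET. A cross-site GET (a link, an <img> src) carries the victim's session
# cookie, so a mutation reachable over GET is not covered by CSRF protection.
require 'json'
require 'uri'

module GraphQLGetGuard
  # Blank out string literals and comments so braces or the word "mutation"
  # inside them are not mistaken for document structure.
  def self.strip_noise(text)
    text.gsub(/""".*?"""/m, '""')
        .gsub(/"(?:\\.|[^"\\])*"/, '""')
        .gsub(/#[^\n]*/, '')
  end

  # Returns [type, name] for every top-level operation in the document,
  # e.g. [["query", "A"], ["mutation", "B"]]. Fragments are ignored; an
  # anonymous `{ ... }` selection set is a query by definition.
  # Limitation: an input-object default value inside a variable definition is
  # seen as an extra anonymous query, which makes the document ambiguous and
  # therefore refused by check() below (fail closed, never fail open).
  def self.operations(query)
    src = strip_noise(query)
    ops = []
    header = +'' # text seen at brace depth 0 since the previous definition
    depth = 0
    src.each_char do |ch|
      case ch
      when '{'
        if depth.zero?
          h = header.strip
          if h.empty?
            ops << ['query', nil]
          elsif (m = h.match(/\A(query|mutation|subscription|fragment)\b\s*([A-Za-z_]\w*)?/))
            ops << [m[1], m[2]] unless m[1] == 'fragment'
          end
          header = +''
        end
        depth += 1
      when '}'
        depth -= 1
      else
        header << ch if depth.zero?
      end
    end
    ops
  end

  # Decides whether the request may execute. Only GET is constrained here;
  # POST still relies on the application's regular CSRF token check.
  # Fails closed: an ambiguous or unparseable GET document is refused.
  # Returns [allowed, reason].
  def self.check(method:, query:, operation_name: nil)
    return [true, 'non-GET request, regular CSRF protection applies'] unless method.to_s.casecmp?('GET')

    ops = operations(query.to_s)
    selected =
      if operation_name
        ops.find { |_type, name| name == operation_name }
      elsif ops.length == 1
        ops.first
      end
    return [false, 'could not identify a single operation in the GET request'] if selected.nil?
    return [false, "#{selected[0]} operations are not accepted over GET"] unless selected[0] == 'query'

    [true, 'read-only query over GET']
  end

  # Rack-compatible middleware (hypothetical; the path is an assumption) that
  # answers 405 with an Allow: POST header instead of forwarding a blocked request.
  class Middleware
    def initialize(app, path: '/api/graphql')
      @app = app
      @path = path
    end

    def call(env)
      if env['PATH_INFO'] == @path
        params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
        allowed, reason = GraphQLGetGuard.check(method: env['REQUEST_METHOD'],
                                                query: params['query'],
                                                operation_name: params['operationName'])
        unless allowed
          body = JSON.generate(errors: [{ message: reason }])
          return [405, { 'content-type' => 'application/json', 'allow' => 'POST' }, [body]]
        end
      end
      @app.call(env)
    end
  end
end
```

The same shape applies to any REST-style endpoint: the server-side check is on the HTTP method the operation is allowed to use, not on whether the client happened to send a token.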

Private projects information disclosure

An information disclosure vulnerability found in GitLab EE versions 13.10 and
later allowed a user to read project details. This is a medium severity issue
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, 4.3). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks 0xn3va for reporting this vulnerability through our HackerOne bug bounty
program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Denial of service of user profile page

A denial of service in the user profile page, present since GitLab CE/EE 8.0,
allows an attacker to deny access to their profile page by using a specially
crafted username. This is a medium severity issue
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, 4.3). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks maruthi12 for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Single sign-on users not getting blocked

Improper access control in GitLab EE before versions 13.11.6, 13.12.6, and
14.0.2 allowed users to be created via single sign on despite user cap being
enabled. This is a medium severity issue
(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N, 4.2). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks bingomzan for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Some users can push to Protected Branch with Deploy keys

Under certain conditions, some users were able to push to protected branches
that were restricted to deploy keys in GitLab CE/EE since version 13.9. This is
a medium severity issue (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, 6.5). We
have requested a CVE ID and will update this blog post when it is assigned.

This vulnerability has been discovered internally by the GitLab team.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

A deactivated user can access data through GraphQL

An issue has been discovered in GitLab affecting all versions. Improper access
control allows unauthorised users to access project details using GraphQL. This
is a medium severity issue (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, 6.5).
We have requested a CVE ID and will update this blog post when it is assigned.

Thanks joaxcar for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Reflected XSS in release edit page

A reflected cross-site scripting vulnerability in GitLab before versions
13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a
victim and trigger actions on their behalf if they clicked it. This is a medium
severity issue (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, 6.1). We have
requested a CVE ID and will update this blog post when it is assigned.

Thanks ashish_r_padelkar for reporting this vulnerability through our HackerOne
bug bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Clipboard DOM-based XSS

Improper input sanitization in markdown in GitLab CE/EE version 13.11 and up
allowed an attacker to exploit a stored cross-site scripting vulnerability via
a specially-crafted input. This is a medium severity issue
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N, 4.7). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks vovohelo for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Stored XSS on Audit Log

Client-side code injection through the feature flag name, present since GitLab
CE/EE 11.9, allows a specially crafted feature flag name to issue PUT requests
on behalf of other users when they click on a link. This is a medium severity
issue (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, 6.1). It is now mitigated
in the latest release and is assigned CVE-2021-22223.

Thanks yvvdwf for reporting this vulnerability through our HackerOne bug bounty
program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Forks of public projects by project members could leak codebase

An issue has been discovered in GitLab CE/EE affecting all versions starting
with 12.8. Under a special condition it was possible to access data of an
internal repository through project fork done by a project member. This is a
medium severity issue (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, 5.9). We
have requested a CVE ID and will update this blog post when it is assigned.

This vulnerability has been discovered internally by the GitLab team.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Improper text rendering

Improper text rendering while rendering merge requests could be exploited to
submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later
through 13.11.6, 13.12.6, and 14.0.2. This is a medium severity issue
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N, 4.9). We have requested a CVE ID
and will update this blog post when it is assigned.

This vulnerability has been discovered internally by the GitLab team.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

HTML Injection in full name field

HTML injection was possible via the full name field before versions 13.11.6,
13.12.6, and 14.0.2 in GitLab CE. This is a high severity issue
(CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N, 3.5). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks andor404 for reporting this vulnerability through our HackerOne bug
bounty program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update Nokogiri

Nokogiri has been upgraded to 1.11.4 in order to mitigate security concerns.

Versions affected

Affects all versions.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update Mattermost

Mattermost has been upgraded to 5.33.5 in order to mitigate security concerns.

Versions affected

Affects versions 13.10 and later.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update Redis

Redis has been upgraded to 6.0.14 in order to mitigate security concerns.

Versions affected

Affects versions 13.9 and later.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update Rdoc

Rdoc has been upgraded to 6.3.1 in order to mitigate security concerns.

Versions affected

Affects all versions.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update libxml2

libxml2 has been upgraded to 2.9.11 in order to mitigate security concerns.

Versions affected

Affects all versions.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Update Rails gem

The Rails gem has been upgraded to 6.0.3.7 in order to mitigate security
concerns.

Versions affected

Affects all versions.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Updating

To update GitLab, see the Update page. To update GitLab Runner, see the
Updating the Runner page.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


ESB-2021.2300 – [Appliance] Mitsubishi Electric Air Conditioning System Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2300
Advisories (icsa-21-182-04 and icsa-21-182-05) Mitsubishi
Electric Air Conditioning System
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Mitsubishi Electric Air Conditioning System Products
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Increased Privileges -- Existing Account
               Modify Arbitrary Files -- Existing Account
               Provide Misleading Information -- Existing Account
               Unauthorised Access -- Remote/Unauthenticated
               Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20595 CVE-2021-20593

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-04
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-05

Comment: This bulletin contains two (2) ICS-CERT security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-182-04)

Mitsubishi Electric Air Conditioning System

Original release date: July 01, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 7.1
o ATTENTION: Exploitable remotely
o Vendor: Mitsubishi Electric
o Equipment: Multiple Air Conditioning Systems
o Vulnerability: Incorrect Implementation of Authentication Algorithm

2. RISK EVALUATION

An attacker could exploit this vulnerability by impersonating administrators to
disclose configuration information of the air conditioning system in order to
tamper with operation information and system configuration.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric reports this vulnerability affects the following air
conditioning systems:

o Air Conditioning System / Centralized Controllers affected:
    G-50A: Version 2.50 to Version 3.35
    GB-50A: Version 2.50 to Version 3.35
    AG-150A-A: Versions 3.20 and prior
    AG-150A-J: Versions 3.20 and prior
    GB-50ADA-A: Versions 3.20 and prior
    GB-50ADA-J: Versions 3.20 and prior
    EB-50GU-A: Versions 7.09 and prior
    EB-50GU-J: Versions 7.09 and prior
    AE-200A: Versions 7.93 and prior
    AE-200E: Versions 7.93 and prior
    AE-50A: Versions 7.93 and prior
    AE-50E: Versions 7.93 and prior
    EW-50A: Versions 7.93 and prior
    EW-50E: Versions 7.93 and prior
    TE-200A: Versions 7.93 and prior
    TE-50A: Versions 7.93 and prior
    TW-50A: Versions 7.93 and prior
    CMS-RMD-J: Versions 1.30 and prior
o Air Conditioning System / Expansion Controllers affected:
    PAC-YG50ECA: Versions 2.20 and prior

To learn how to determine the version number of equipment, please see
publication number 2021-004 from Mitsubishi Electric.

3.2 VULNERABILITY OVERVIEW

3.2.1 INCORRECT IMPLEMENTATION OF AUTHENTICATION ALGORITHM CWE-303

Web functions of Mitsubishi Electric air conditioning systems have a privilege
escalation vulnerability due to incorrect implementation of the authentication
algorithm. This vulnerability may allow an attacker to impersonate an
administrator and tamper with information (e.g., operation information and
configuration of the air conditioning system).

CVE-2021-20593 has been assigned to this vulnerability. A CVSS v3 base score of
7.1 has been assigned; the CVSS vector string is ( AV:N/AC:H/PR:L/UI:N/S:C/C:L/
I:H/A:N ).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Chizuru Toyama of TXOne IoT/ICS Security Research Labs, working with Trend
Micro’s Zero Day Initiative, reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric has created the following versions to address the issue,
and recommends users update to one of the following versions below or newer:

o Air Conditioning System/Centralized Controllers:
G-50A: Version 3.37 or later
GB-50A: Version 3.37 or later
AG-150A-A: Version 3.21 or later
AG-150A-J: Version 3.21 or later
GB-50ADA-A: Version 3.21 or later
GB-50ADA-J: Version 3.21 or later
EB-50GU-A: Version 7.10 or later
EB-50GU-J: Version 7.10 or later
AE-200A: Version 7.95 or later
AE-200E: Version 7.95 or later
AE-50A: Version 7.95 or later
AE-50E: Version 7.95 or later
EW-50A: Version 7.95 or later
EW-50E: Version 7.95 or later
TE-200A: Version 7.95 or later
TE-50A: Version 7.95 or later
TW-50A: Version 7.95 or later
CMS-RMD-J: Version 1.40 or later
o Air Conditioning System / Expansion Controllers:
PAC-YG50ECA: Version 2.21 or later

Mitsubishi Electric recommends users take the following mitigation measures to
minimize the risks associated with this vulnerability:

o Use a VPN router, etc. when connecting the air conditioning system to the
Internet.
o Use anti-virus software on computers used to connect to air conditioning
systems.
o Restrict the access to air conditioning systems from untrusted networks and
hosts.
o Change default usernames and passwords.

Please contact a distributor or Mitsubishi Electric representative for
available updates.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability. This
vulnerability has a high attack complexity.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

– ——————————————————————————–

ICS Advisory (ICSA-21-182-05)

Mitsubishi Electric Air Conditioning Systems

Original release date: July 01, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 9.3
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Mitsubishi Electric
o Equipment: Multiple Air Conditioning Systems
o Vulnerability: Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow an attacker to disclose
some of the data in the air conditioning system or cause a denial-of-service
condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric reports this vulnerability affects the following air
conditioning systems:

o Air Conditioning System/Centralized Controllers:
G-50A: Versions 3.35 and prior
GB-50A: Versions 3.35 and prior
GB-24A: Versions 9.11 and prior
AG-150A-A: Versions 3.20 and prior
AG-150A-J: Versions 3.20 and prior
GB-50ADA-A: Versions 3.20 and prior
GB-50ADA-J: Versions 3.20 and prior
EB-50GU-A: Versions 7.09 and prior
EB-50GU-J: Versions 7.09 and prior
AE-200A: Versions 7.93 and prior
AE-200E: Versions 7.93 and prior
AE-50A: Versions 7.93 and prior
AE-50E: Versions 7.93 and prior
EW-50A: Versions 7.93 and prior
EW-50E: Versions 7.93 and prior
TE-200A: Versions 7.93 and prior
TE-50A: Versions 7.93 and prior
TW-50A: Versions 7.93 and prior
CMS-RMD-J: Versions 1.30 and prior
o Air Conditioning System/Expansion Controllers:
PAC-YG50ECA: Versions 2.20 and prior
o Air Conditioning System/BM adapter:
BAC-HD150: Versions 2.21 and prior

To learn how to determine the version number of equipment, please see
publication number 2021-005 from Mitsubishi Electric.

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

The affected product does not properly restrict XML external entity references.

CVE-2021-20595 has been assigned to this vulnerability. A CVSS v3 base score of
9.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/
C:L/I:N/A:H ).
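The advisory says only that the product "does not properly restrict XML external entity references" (CWE-611). The following is an added example, not code from the Mitsubishi products or from the advisory, showing what that class of defect looks like in a parser and what the fix is: the same attacker-supplied document is fed through a Python xml.sax parser with external general entities enabled (the weak setting) and with them disabled (the hardened setting). The "configuration file" is a constructed temporary file standing in for whatever a controller's web service might have on disk.

```python
"""Added example: CWE-611 (XXE) weak vs hardened parser setting.

Standard library only. Assumption: the target's XML handling resembles a
SAX/expat parser with external general entities resolved; the secret file
and the request document are constructed for this demo.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class _TextCollector(xml.sax.ContentHandler):
    """Collect every run of character data the parser emits."""

    def __init__(self):
        super().__init__()
        self.text = []

    def characters(self, content):
        self.text.append(content)


def xxe_payload(path: str) -> bytes:
    """Constructed attacker document: declares an external general entity
    pointing at a local file and references it inside element content."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE req [\n'
        f'  <!ENTITY xxe SYSTEM "{path}">\n'
        ']>\n'
        '<req><name>&xxe;</name></req>'
    ).encode()


def parse_text(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse the document and return the concatenated text content.

    resolve_external_entities=True is the weak configuration (the parser
    opens whatever SYSTEM identifier the document names); False is the fix
    (the entity reference is skipped and contributes no text).
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.text).strip()


def demo() -> dict:
    """Run one payload through both configurations; return what each leaked."""
    with tempfile.NamedTemporaryFile("w", suffix=".cfg", delete=False) as f:
        f.write("admin-password=example-secret")  # constructed stand-in secret
        secret_path = f.name
    try:
        payload = xxe_payload(secret_path)
        return {
            "weak": parse_text(payload, resolve_external_entities=True),
            "hardened": parse_text(payload, resolve_external_entities=False),
        }
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print(demo())
```

The "weak" result contains the file's contents, which is the confidentiality impact in the CVSS vector (C:L); pointing the entity at a slow or non-existent network resource, or at a recursively expanding entity set, is where the availability impact (A:H) comes from. The fix is a parser setting, not input filtering: disable external entities (and DTD processing where the application does not need it) at the parser.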

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Howard McGreehan of Aon’s Cyber Solutions reported this vulnerability to
Mitsubishi Electric.

4. MITIGATIONS

Mitsubishi Electric has created the following versions to address the issue,
and recommends users update to one of the following versions below or newer:

o Air Conditioning System/Centralized Controllers:
G-50A: Version 3.37 or later
GB-50A: Version 3.37 or later
GB-24A: Version 9.12 or later
AG-150A-A: Version 3.21 or later
AG-150A-J: Version 3.21 or later
GB-50ADA-A: Version 3.21 or later
GB-50ADA-J: Version 3.21 or later
EB-50GU-A: Version 7.10 or later
EB-50GU-J: Version 7.10 or later
AE-200A: Version 7.95 or later
AE-200E: Version 7.95 or later
AE-50A: Version 7.95 or later
AE-50E: Version 7.95 or later
EW-50A: Version 7.95 or later
EW-50E: Version 7.95 or later
TE-200A: Version 7.95 or later
TE-50A: Version 7.95 or later
TW-50A: Version 7.95 or later
CMS-RMD-J: Version 1.40 or later
o Air Conditioning System/Expansion Controllers:
PAC-YG50ECA: Version 2.21 or later
o Air Conditioning System/BM adapter:
BAC-HD150: Version 2.22 or later

Mitsubishi Electric recommends taking the following mitigation measures to
minimize the risk of exploitation of this vulnerability:

o Use a VPN router, etc. when you connect air conditioning systems to the
Internet.
o Use anti-virus software on computers connected to air conditioning systems.
o Restrict the access to air conditioning systems from untrusted networks and
hosts.

Please refer to the Mitsubishi Electric website for additional details about
this issue.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. CISA reminds organizations to perform
proper impact analysis and risk assessment prior to deploying defensive
measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

o Do not click web links or open unsolicited attachments in email messages.
o Refer to Recognizing and Avoiding Email Scams for more information on
avoiding email scams.
o Refer to Avoiding Social Engineering and Phishing Attacks for more
information on social engineering attacks.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYN5cw+NLKJtyKPYoAQgI/w//YoDy7eC2DaW9p674MCXIsh/qe+YLgOT7
X5RGefJJqnKIPvSG3jWB0xXdERTulSCqzCF7sKdDMP3zgUFHEHHzocR3gZvv3jsh
AcKI5gOEIQgFbuPAI7Yu95p/CaBSzv+34BbWOYNvX6uYA4OBdjmBd1Y+z8C9qBB7
2sZ5kYXG5cxswH1293qVT+SYl4s8EqEexnpohevknoGtpD0RPhObOdm+hpv4Gqq2
M8PpZHCC3mE3Y3veDxhtNU1Ah++ncRN76zRVB1nUu1hw2+UgWMNkWKPM8OkS1HY+
ePD843/Nm5JuMg7XCf2gGlLYjjzkmuVA5rHDBkirARMO0aXD+TyNtmxixYRhXOTM
RY+26iCqtCdsVB/9Z2wjVpAUJA9fHzL8OPaOPVbI1FHAMP+s7bOvRLl4WPlhDSjG
h3B7BTUO5yJxrjyjkPjUT5DOaI7uNKSzyopajmciu33uQSBiZh2kepXOqHyPqqry
6560J+REBxaPwKysnPZe81U1CE+fiaSNfe8bLmiXhUjchaYxNLG9Bwg4hCvFXmMT
hhYRNkB7QMlp5U89Y79oY+CPIDRtDPhSGB+r17ZTp9KiVOl3YA+RMn4tN/opzvxg
bWakVeDHHPEw7Ph6tb31NtgAo1Dx8PaKjFavWcnWwoIgpy38Tq4hrGuCHL7cxc1p
7fi8BzcOGOs=
=xl8P
—–END PGP SIGNATURE—–


The post ESB-2021.2300 – [Appliance] Mitsubishi Electric Air Conditioning System Products: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/02/esb-2021-2300-appliance-mitsubishi-electric-air-conditioning-system-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2300-appliance-mitsubishi-electric-air-conditioning-system-products-multiple-vulnerabilities

ESB-2021.2301 – [Appliance] Bachmann M1 System Processor Products: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2301
Advisory (icsa-21-026-01-0) All Bachmann M1 System Processor Modules
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Bachmann M1 System Processor Products
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Access Privileged Data — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-16231

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01-0

– ————————–BEGIN INCLUDED TEXT——————–

ICS Advisory (ICSA-21-026-01)

All Bachmann M1 System Processor Modules

Original release date: July 01, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 7.2
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Bachmann Electronic, GmbH
o Equipment: All M-Base Controllers
o Vulnerability: Use of Password Hash with Insufficient Computational Effort

2. REPOSTED INFORMATION

This updated advisory is a follow-up to the advisory titled ICSA-21-026-01P All
Bachmann M1 System Processor Modules, posted to the HSIN ICS library on January
26, 2021. This advisory is now being released to the ICS webpage on
us-cert.cisa.gov.

3. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated
remote attacker to gain access to the password hashes of the controller if
Security Level 4 is not in use as recommended. In the recommended Security
Level 4 setting, an authenticated remote attacker could get access to user
credentials.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

o All M-Base Operating Systems and Middleware versions since MSYS v1.06.14
are affected, which include the following M1 Hardware Controllers:
MX207, MX213, MX220, MC206, MC212, MC220, MH230. This list indicates
actively supported controllers.
o MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270,
MPC293, MPE270, CPC210. This list indicates End-of-Life controllers.

4.2 VULNERABILITY OVERVIEW

4.2.1 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916

The affected M-Base Controllers use weak cryptography to protect device
passwords. Security Level 0 is set at default from the manufacturer, which
could allow an unauthenticated remote attacker to gain access to the password
hashes. Security Level 4 is susceptible if an authenticated remote attacker or
an unauthenticated person with physical access to the device reads and decrypts
the password to conduct further attacks.

CVE-2020-16231 has been assigned to this vulnerability. A CVSS v3 base score of
7.2 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:H/UI:N/S:U/
C:H/I:H/A:H ).
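The advisory describes CWE-916 only as "weak cryptography to protect device passwords" whose hashes an attacker can read and recover. The following is an added example, not Bachmann's code and not derived from the advisory, showing the general pattern: a store built on a single unsalted fast hash next to one built on salted scrypt with a constant-time comparison, plus a toy offline guess that recovers the weak hash from a small constructed wordlist. The wordlist, passwords and scrypt parameters are assumptions for the demo.

```python
"""Added example: CWE-916 in practice (weak vs hardened password storage).

Standard library only. The wordlist and passwords are constructed; the
scrypt cost parameters are an assumption (sized to fit a modest CPU), not
a vendor recommendation.
"""
import hashlib
import hmac
import os

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "admin", "controller1", "summer2020", "letmein"]


def weak_hash(password: str) -> str:
    """Weak pattern: unsalted, fast hash. Equal passwords give equal
    digests, and each guess costs one cheap hash call."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_weak_hash(digest: str, wordlist=WORDLIST):
    """Offline guess against a leaked weak digest; returns the password or None."""
    for guess in wordlist:
        if weak_hash(guess) == digest:
            return guess
    return None


# scrypt cost parameters (assumption): n=2**14, r=8 uses about 16 MiB of
# memory per guess, which is what makes bulk offline guessing expensive.
_N, _R, _P, _DKLEN = 2 ** 14, 8, 1, 32


def hardened_hash(password: str, salt=None) -> str:
    """Salted, memory-hard KDF. Record format: scrypt$<salt-hex>$<key-hex>."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=_N, r=_R, p=_P, dklen=_DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify_hardened(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=_N, r=_R, p=_P, dklen=_DKLEN)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    leaked = weak_hash("summer2020")
    print("weak digest", leaked, "recovered as", crack_weak_hash(leaked))
    record = hardened_hash("summer2020")
    print("hardened record", record, "verifies:", verify_hardened("summer2020", record))
```

Two points the example makes that the advisory's one-line description does not: a per-user random salt means two controllers sharing a password no longer share a digest, and a memory-hard KDF turns the wordlist loop above from microseconds per guess into tens of milliseconds per guess. Neither helps if the device exposes the hashes without authentication, which is why the advisory pairs the fix with Security Level 4.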

4.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Energy, Transportation Systems
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Austria

4.4 RESEARCHER

5. MITIGATIONS

Bachmann recommends its direct users and original equipment manufacturers (OEM)
update to Version 4.49-P1, which is available under item number 00036634-90. To
obtain Version 3.95R-P8 the end user is required to contact their key account
manager or technical support agent at Bachmann. Asset owners should contact
their OEM or reseller for patches. Bachmann does not provide support directly
to asset owners. Please refer to the Bachmann Customer Information Note for
more details. The password “_pC5#3fS@Y8s” is required to access.

If asset owners are unable to update to the latest version or a patch is not
available from the OEM or reseller, Bachmann recommends the following
mitigations to be put in place:

o Update the default username and password in the default Bachmann login
handler for field operations.
o Direct users or OEMs may utilize their own login handler (e.g., LDAP,
Radius, etc.) to circumvent the default authentication handler. Security
Level 4 is still recommended for field operations.
o Restrict physical access to the device to authorized personnel only.

Default Security Level 0 within Bachmann controllers is inherently insecure and
should not be used in field operations. Security Levels 1, 2, and 3 are also
not recommended for field operations. The use of Telnet, FTP, and Console
access during field operations may result in the exploitation of inherent
vulnerabilities such as unauthenticated access or exposure of sensitive
information. Bachmann strongly recommends users apply Security Level 4, where
communication with the device is limited to TLS protected services and all
insecure services are disabled.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


The post ESB-2021.2301 – [Appliance] Bachmann M1 System Processor Products: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/02/esb-2021-2301-appliance-bachmann-m1-system-processor-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2301-appliance-bachmann-m1-system-processor-products-multiple-vulnerabilities

ESB-2021.2302 – [Win] Sensormatic Electronics C-CURE 9000: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2302
Advisory (icsa-21-182-02) Sensormatic Electronics C-CURE 9000
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Sensormatic Electronics C-CURE 9000
Publisher: ICS-CERT
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27660

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-02

– ————————–BEGIN INCLUDED TEXT——————–

ICS Advisory (ICSA-21-182-02)

Sensormatic Electronics C-CURE 9000

Original release date: July 01, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 8.8
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls
o Equipment: C-CURE 9000
o Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow remote execution of
lower privileged Windows programs.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Johnson Controls reports the vulnerability affects the following product:

o C-CURE 9000: All versions prior to 2.80

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

An insecure client automatic update feature in C-CURE 9000 can allow remote
execution of lower privileged Windows programs.

CVE-2021-27660 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/
C:H/I:H/A:H ).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Ireland

3.4 RESEARCHER

Johnson Controls, Inc., reported this vulnerability to CISA.

4. MITIGATIONS

Johnson Controls recommends users upgrade to Version 2.80 or later. If this is
not possible, Johnson Controls recommends following the published instructions
for disabling the auto update feature (search for document
SWH-TAB-nID-000006545).

For more detailed mitigation instructions, please see Johnson Controls Product
Security Advisory JCI-PSA-2021-10 v1

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYN5eg+NLKJtyKPYoAQgPlg//S48cIxb/cp21Vi2axXAx14HXMh/3nD/W
hkWoeZ558AndE4P6S0XlKUzEEro2Ri63KtIK7XNDLlO8xJtq90fq2/ChpiBwhV6r
4BRDB9nuMATBz3r2tAJPSRUD9eB4y+Dw84rm+EZzl0QmHjVTHrMydJ3LwoHBgya7
mVh1qY0iQOy9t/TubP5GvFvTQ4sOxVowyIujDEbCQlWSZyrCKyAjQwpwby0xe0t7
IuxuKCe3lH/SPoKlLeDBudqeE6B8PR4TNhdxTfnN7goJ66o1kvdhks8tmlzYJ/de
OuvlnEX5qGDs1SGN18RXdX+wtzmGzFCq8Od4Mi7DmlGeLylDReEGLD+9jcZqEJyA
A5ylCO+mDRjEslNfZvZJC5Qghqa2mWAp5mK2TPMgxFPILKShfYQ7cuQQsjVqxlv8
OY+hUxMsKdQssqps6UiwDd9Tplrij20XFFEK6ep5Tn1snBPEYiamO0QGAXLdMZDU
AgfVFMsf2seN6/p1H1qe4QUHKT35gBbN7m7CqNIa6G/zRfFKutAmcDdFiZO0qFjT
E5pmiWwkT328ZZAlApLPIqmR28C8atLAXFzYpdXMJMdiKcpkAgha+6Y+Qd8TCyT4
Zr35my4L6c994TVMoR17+g92ZqlmPBFJbBnP7SXjLupWJjrH7hNbBSSHycGippRS
5HsBN9RMh9I=
=Pnvf
—–END PGP SIGNATURE—–


The post ESB-2021.2302 – [Win] Sensormatic Electronics C-CURE 9000: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/02/esb-2021-2302-win-sensormatic-electronics-c-cure-9000-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2302-win-sensormatic-electronics-c-cure-9000-multiple-vulnerabilities

ESB-2021.2303 – [Appliance] Johnson Facility Explorer SNC Series Supervisory Controller: Version 11: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2303
Advisory (icsa-21-182-01) Johnson Controls Facility Explorer
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Johnson Facility Explorer SNC Series Supervisory Controller: Version 11
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Modify Arbitrary Files — Existing Account
Unauthorised Access — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27661

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-01

– ————————–BEGIN INCLUDED TEXT——————–

ICS Advisory (ICSA-21-182-01)

Johnson Controls Facility Explorer

Original release date: July 01, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

o CVSS v3 8.8
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Johnson Controls
o Equipment: Facility Explorer
o Vulnerability: Improper Privilege Management

2. RISK EVALUATION

Successful exploitation of this vulnerability could give an authenticated user
an unintended level of access to the controller’s file system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Johnson Controls reports this vulnerability affects the following product:

o Facility Explorer SNC Series Supervisory Controller: Version 11

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269

Sending specifically crafted web messages to the Facility Explorer SNC Series
Supervisory Controller (F4-SNC) could give an authenticated F4-SNC user
unintended access to the controller’s file system, which may allow an attacker
to access or modify system files.

CVE-2021-27661 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Ireland

3.4 RESEARCHER

Johnson Controls, Inc. reported this vulnerability to CISA.

4. MITIGATIONS

Johnson Controls recommends users apply a patch to the Facility Explorer SNC
Series Supervisory Controllers (F4-SNC).

For more detailed mitigation instructions, please see Johnson Controls Product
Security Advisory JCI-PSA-2021-11 v1

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYN5emONLKJtyKPYoAQg8qw//boxY1PD6qFFqw7ny1D898u5hJoLHhfHA
icvkIDr29vd9VLMdqWhZYbPvkUnlNUb0jCF4Rc4bJX3pheLg8W+APyzH73NY4nFu
B+TnMECgJOJtfWM9NusPM0LgjsLpKs9GeKAIOOrKdq/a0EJ3SKITUm/vrHoV2KKL
yeWOJoRfebLkLUJJ8dqRxUAonuTaT6XGlP06hZXwL0W+T9i5TYC2G/QHViXBWyym
5x9hHuoENk5WTSJVRxXOWPE+68KVdFDvifRAz/jxN25nY8hcrqswMBy/8h9kFOFB
1jWJ6rsZGZg2zZQWT+TojRcWn7GS3cmUpPV54jGF8EC77eM4F1Rfn28o5pb0WyFv
hv5X2sL0Zmh50CzXgrKCxA+zeFtzBgyTmDiy3lbVA7yus9pQMleKEXqP90z4Z6zi
GyCcpZ5+BywcZsMcVhXEgnNaB+mu1UEZ+AAFw7741+WYF2g2KOchXogGQaZlcg/R
B5EOEjdzAVz7rEcGeQP2ezNRY5OK6G9JQL1VXoJsFdZK8tHXSJPLKOFEy8nCgXsg
Tygj7r4BBD+KBJTOtKcikWPDlJ7IqzPuCKWNAbUrWx5NnZQC2Ll2vhMcJ73VIZBx
CWk0unGdbz++nMlCeht7DAyv3VHjX7YralrQgMKG9C7A9S1PqxUIz49QbVVtgTbM
bWD6MmWvGeE=
=/Bz6
—–END PGP SIGNATURE—–

https://malwaredevil.com/2021/07/02/esb-2021-2303-appliance-johnson-facility-explorer-snc-series-supervisory-controller-version-11-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2303-appliance-johnson-facility-explorer-snc-series-supervisory-controller-version-11-multiple-vulnerabilities

ESB-2021.2304 – [Appliance] Delta Electronics DOPSoft Version 4.0.10.17 and prior: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2304
Advisory (icsa-21-182-03) Delta Electronics DOPSoft
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Delta Electronics DOPSoft Version 4.0.10.17 and prior
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Access Confidential Data — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27455 CVE-2021-27412

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03

– ————————–BEGIN INCLUDED TEXT——————–

ICS Advisory (ICSA-21-182-03)

Delta Electronics DOPSoft

Original release date: July 01, 2021

1. EXECUTIVE SUMMARY

o CVSS v3 7.8
o ATTENTION: Low attack complexity
o Vendor: Delta Electronics
o Equipment: DOPSoft
o Vulnerabilities: Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow arbitrary code
execution and disclose information.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of DOPSoft, a software supporting the DOP-100 series HMI
screens, are affected:

o DOPSoft Version 4.0.10.17 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS READ CWE-125

The affected product is vulnerable to an out-of-bounds read while processing
project files, which may allow an attacker to disclose information.

CVE-2021-27455 has been assigned to this vulnerability. A CVSS v3 base score of
3.3 has been calculated; the CVSS vector string is
(AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

3.2.2 OUT-OF-BOUNDS READ CWE-125

The affected product is vulnerable to an out-of-bounds read, which may allow an
attacker to execute arbitrary code.

CVE-2021-27412 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Natnael Samson (@NattiSamson), working with Trend Micro’s Zero Day Initiative,
reported these vulnerabilities to CISA.

4. MITIGATIONS

Delta Electronics has released an updated version of DOPSoft and recommends
users install this update on all affected systems.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. CISA also recommends users take the
following measures to protect themselves from social engineering attacks:

o Do not click web links or open unsolicited attachments in email messages.
o Refer to Recognizing and Avoiding Email Scams for more information on
avoiding email scams.
o Refer to Avoiding Social Engineering and Phishing Attacks for more
information on social engineering attacks.

No known public exploits specifically target these vulnerabilities. These
vulnerabilities are not exploitable remotely.

– ————————–END INCLUDED TEXT——————–

https://malwaredevil.com/2021/07/02/esb-2021-2304-appliance-delta-electronics-dopsoft-version-4-0-10-17-and-prior-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2304-appliance-delta-electronics-dopsoft-version-4-0-10-17-and-prior-multiple-vulnerabilities

ESB-2021.2298 – go-toolset-1.15 and go-toolset-1.15-golang: Denial of service – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2298
go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
2 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: go-toolset-1.15
go-toolset-1.15-golang
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33196

Reference: ESB-2021.2293
ESB-2021.2255

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2634

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
Advisory ID: RHSA-2021:2634-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2634
Issue date: 2021-07-01
CVE Names: CVE-2021-33196
=====================================================================

1. Summary:

An update for go-toolset-1.15 and go-toolset-1.15-golang is now available
for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64le, s390x, x86_64
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

Security Fix(es):

* golang: archive/zip: Malformed archive may cause panic or memory
exhaustion (CVE-2021-33196)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
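
CVE-2021-33196 is a crafted file count in an archive's header that makes
archive/zip's NewReader or OpenReader panic or over-allocate on Go releases
before 1.16.5 and 1.15.13 (the version shipped above). Updating the toolset
fixes the parser; code that accepts archives from untrusted sources still needs
bounds of its own. The program below is an added example written for this page,
not Red Hat or Go project code: ListZipSafely turns a parser panic into an
error, caps the entry count, and limits decompression by counting the bytes it
actually inflates rather than believing the sizes in the headers. The limits,
the sample archives and the ForgeEntryCount helper (which rewrites the
end-of-central-directory entry count of a valid archive) are constructed for
the demonstration. The forged count used here is deliberately modest so the run
is the same on any Go release: the reader finds fewer entries than the header
claims and rejects the archive as malformed; the recover() is there for the
panic that a huge count provoked on the unpatched releases.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// ZipLimits are caller-chosen bounds for untrusted archives (values in main() are illustrative).
type ZipLimits struct {
	MaxEntries   int    // most central-directory entries we accept
	MaxEntrySize uint64 // most bytes we will decompress for one entry
	MaxTotalSize uint64 // most bytes we will decompress for the whole archive
}

// ListZipSafely parses an in-memory archive under the given limits and returns its
// entry names. A panic inside archive/zip (the CVE-2021-33196 failure mode on an
// unpatched Go) becomes an error, an archive claiming too many entries is rejected,
// and size limits are enforced on bytes actually decompressed, not on header claims.
func ListZipSafely(data []byte, lim ZipLimits) (names []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			names, err = nil, fmt.Errorf("zip: parser panicked on malformed archive: %v", r)
		}
	}()
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, fmt.Errorf("zip: %w", err)
	}
	if len(zr.File) > lim.MaxEntries {
		return nil, fmt.Errorf("zip: %d entries exceeds limit %d", len(zr.File), lim.MaxEntries)
	}
	var total uint64
	for _, f := range zr.File {
		rc, oerr := f.Open()
		if oerr != nil {
			return nil, fmt.Errorf("zip: open %q: %w", f.Name, oerr)
		}
		// Read at most one byte past the limit: the declared UncompressedSize64 is
		// attacker controlled, so a lying header must not decide how much we inflate.
		n, cerr := io.Copy(io.Discard, io.LimitReader(rc, int64(lim.MaxEntrySize)+1))
		rc.Close()
		if cerr != nil {
			return nil, fmt.Errorf("zip: read %q: %w", f.Name, cerr)
		}
		if uint64(n) > lim.MaxEntrySize {
			return nil, fmt.Errorf("zip: %q inflates past limit %d", f.Name, lim.MaxEntrySize)
		}
		if total += uint64(n); total > lim.MaxTotalSize {
			return nil, fmt.Errorf("zip: archive inflates past total limit %d", lim.MaxTotalSize)
		}
		names = append(names, f.Name)
	}
	return names, nil
}

// buildZip writes a valid archive in memory; the inputs below are constructed for the demo.
func buildZip(entries [][2]string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		fw, err := w.Create(e[0])
		if err != nil { panic(err) }
		fw.Write([]byte(e[1]))
	}
	if err := w.Close(); err != nil { panic(err) }
	return buf.Bytes()
}

func SampleZip() []byte { // two small, well-formed entries
	return buildZip([][2]string{{"config.txt", "mode=safe\n"}, {"notes/readme.md", "# hello\n"}})
}

func OversizedZip() []byte { // one entry that inflates to 1 MiB
	return buildZip([][2]string{{"blob.bin", string(make([]byte, 1<<20))}})
}

// ForgeEntryCount copies an archive and overwrites the "total entries" field of its
// end-of-central-directory record, the header field that CVE-2021-33196 concerns.
// EOCD layout after the signature: disk(2) cdDisk(2) entriesOnDisk(2) totalEntries(2) ...
func ForgeEntryCount(data []byte, claimed uint16) []byte {
	i := bytes.LastIndex(data, []byte("PK\x05\x06")) // EOCD signature 0x06054b50
	if i < 0 || i+12 > len(data) {
		return nil
	}
	out := append([]byte(nil), data...)
	binary.LittleEndian.PutUint16(out[i+10:], claimed)
	return out
}

func main() {
	lim := ZipLimits{MaxEntries: 100, MaxEntrySize: 64 << 10, MaxTotalSize: 1 << 20}
	names, err := ListZipSafely(SampleZip(), lim)
	fmt.Println("valid archive:", names, err)
	_, err = ListZipSafely(ForgeEntryCount(SampleZip(), 0x7fff), lim)
	fmt.Println("forged entry count:", err)
}
```

The first call in main() lists the sample archive normally; the second fails
because the end-of-central-directory record claims 0x7fff entries that are not
there. An archive built with OversizedZip() fails for a different reason: its
header is honest, but the entry inflates past MaxEntrySize, which is the path a
decompression bomb takes and why the limit is applied to bytes read rather than
to the declared size.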

Bug Fix(es):

* Memory consumption (container_memory_rss) steadily growing for
/system.slice/kubelet.service when FIPS enabled [devtools-2021.2-z]
(BZ#1975394)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1965503 – CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
go-toolset-1.15-1.15.13-1.el7_9.src.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm

noarch:
go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm

ppc64le:
go-toolset-1.15-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-build-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-bin-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-misc-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-src-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-tests-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-runtime-1.15.13-1.el7_9.ppc64le.rpm
go-toolset-1.15-scldevel-1.15.13-1.el7_9.ppc64le.rpm

s390x:
go-toolset-1.15-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-build-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-golang-bin-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-golang-misc-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-golang-src-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-golang-tests-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-runtime-1.15.13-1.el7_9.s390x.rpm
go-toolset-1.15-scldevel-1.15.13-1.el7_9.s390x.rpm

x86_64:
go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:
go-toolset-1.15-1.15.13-1.el7_9.src.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm

noarch:
go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm

x86_64:
go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm
go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33196
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_go_1.15.7_toolset

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–

https://malwaredevil.com/2021/07/02/esb-2021-2298-go-toolset-1-15-and-go-toolset-1-15-golang-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2298-go-toolset-1-15-and-go-toolset-1-15-golang-denial-of-service-existing-account

The Rise of Sim Swapping – Haseeb Awan – PSW #701

80% of SIM-swap attacks are successful. This can lead to serious financial loss and loss of social standing, since this is where attackers latch on. The statistics are real, and the problem is spreading like wildfire.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw701

https://malwaredevil.com/2021/07/02/the-rise-of-sim-swapping-haseeb-awan-psw-701/?utm_source=rss&utm_medium=rss&utm_campaign=the-rise-of-sim-swapping-haseeb-awan-psw-701

New Security Threats Stemming from PII Online – Rob Shavell – PSW #701

A deep dive on the data broker industry, and how new threats stem from the widespread availability of employee and personal information for sale on data broker websites.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw701

https://malwaredevil.com/2021/07/02/new-security-threats-stemming-from-pii-online-rob-shavell-psw-701/?utm_source=rss&utm_medium=rss&utm_campaign=new-security-threats-stemming-from-pii-online-rob-shavell-psw-701

Thursday, July 1, 2021

Researchers Briefly Posted PoC for Windows Print Spooler RCE Flaw

File this under “Oops” (or maybe a stronger language equivalent) – for a brief period of time last month researchers at Sangfor published on GitHub a proof of concept (PoC) for a remote code execution (RCE) vulnerability affecting Windows Print Spooler. Fortunately, Microsoft released a patch for CVE-2021-1675 as part of its June 8, 2021..

https://malwaredevil.com/2021/07/01/researchers-briefly-posted-poc-for-windows-print-spooler-rce-flaw/?utm_source=rss&utm_medium=rss&utm_campaign=researchers-briefly-posted-poc-for-windows-print-spooler-rce-flaw

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices

Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks.

https://malwaredevil.com/2021/07/01/linux-variant-of-revil-ransomware-targets-vmwares-esxi-nas-devices/?utm_source=rss&utm_medium=rss&utm_campaign=linux-variant-of-revil-ransomware-targets-vmwares-esxi-nas-devices

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...