CVE-2021-35534 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Relion 670/650/SAM600-IO
Vulnerability: Improper Handling of Insufficient Privileges
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow anyone with user credentials to bypass the security controls enforced by the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
Relion 670/650 series: Version 2.2.0 all revisions
Relion 670/650/SAM600-IO series: Version 2.2.1 all revisions up to but not including version 2.2.1.8.
Relion 670 series: Version 2.2.2 all revisions up to but not including 2.2.2.5
Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4
Relion 670/650 series: Version 2.2.4 all revisions up to but not including version 2.2.4.3.
Relion 670/650/SAM600-IO series: Version 2.2.5 up to revision 2.2.5.1
Relion 670/650 series: Version 2.1 all revisions up to but not including version 2.1.0.5
Relion 670 series: Version 2.0 all revisions up to but not including version 2.0.0.14.
Relion 650 series: Version 1.3 all revisions up to but not including version 1.3.0.8.
Relion 650 series: Version 1.2 all revisions
Relion 650 series: Version 1.1 all revisions
Relion 650 series: Version 1.0 all revisions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER HANDLING OF INSUFFICIENT PRIVILEGES CWE-274
A vulnerability exists in the database schema inside the product. An attacker ...
CVSS: HIGH (7.2)
March 6th, 2025 (4 months ago)
|
CVE-2023-0286 |
Description:
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: PCU400, PCULogger
Vulnerabilities: Access of Resource Using Incompatible Type ('Type Confusion'), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read
2. RISK EVALUATION
Exploitation of these vulnerabilities could allow an attacker to access or decrypt sensitive data, crash the device application, or cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
PCU400: Version 6.5 K and prior
PCU400: Version 9.4.1 and prior
PCULogger: Version 1.1.0 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial-of-service. In most cases, the attack ...
CVSS: HIGH (7.4)
March 6th, 2025 (4 months ago)
|
CVE-2025-24864 |
Description: Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.
CVSS: HIGH (7.8) EPSS Score: 0.01% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2025-22447 |
Description: Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.
CVSS: HIGH (7.8) EPSS Score: 0.01% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-13893 |
Description: Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory.
For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created.
Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared.
Newer firmware versions might be vulnerable as well.
CVSS: HIGH (7.5) EPSS Score: 0.02% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-13892 |
Description: Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection.
During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, which allows for command injection.
The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
CVSS: HIGH (7.7) EPSS Score: 0.71% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-12146 |
Description: Improper Validation of Syntactic Correctness of Input vulnerability in Finder Fire Safety Finder ERP/CRM (New System) allows SQL Injection. This issue affects Finder ERP/CRM (New System): before 18.12.2024.
CVSS: HIGH (7.5) EPSS Score: 0.06% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-7872 |
Description: Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.
CVSS: HIGH (7.6) EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2024-50250 |
Description:
Nessus Plugin ID 230429 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks. The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the _iter function will reflect this unalignment. dax_iomap_direct_access always returns a pointer to the start of the kmapped fsdax page, even if its pos argument is in the middle of that page. This is catastrophic for data integrity when iter->pos is not aligned to a page, because daddr/saddr do not point to the same byte in the file as iter->pos. Hence we corrupt user data by copying it to the wrong place. If iter->pos + iomap_length() in the _iter function not aligned to a page, then we fail to copy a full block, and only partially populate the destination block. This is catastrophic for data confidentiality because we expose stale pmem contents. Fix both of these issues by aligning copy_pos/copy_len to a page boundary ...
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2024-55605 |
Description:
Nessus Plugin ID 230457 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8. (CVE-2024-55605) Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230457
CVSS: HIGH (7.5)
March 6th, 2025 (4 months ago)
|