CVE-2019-6571

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Source: CVE-2019-6571

CVE-2019-1064

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’.

Source: CVE-2019-1064

CVE-2019-1052

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051.

Source: CVE-2019-1052

CVE-2019-10925

A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident MV440 family (All versions). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Source: CVE-2019-10925

CVE-2019-10926

A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident MV440 family (All versions). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows evesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted. At the time of advisory publication no public exploitation of this security vulnerability was known.

Source: CVE-2019-10926

CVE-2019-1080

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055.

Source: CVE-2019-1080

CVE-2019-1081

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka ‘Microsoft Browser Information Disclosure Vulnerability’.

Source: CVE-2019-1081

CVE-2019-1069

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka ‘Task Scheduler Elevation of Privilege Vulnerability’.

Source: CVE-2019-1069

CVE-2019-1055

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080.

Source: CVE-2019-1055

CVE-2019-1054

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka ‘Microsoft Edge Security Feature Bypass Vulnerability’.

Source: CVE-2019-1054