» 2020 » 7월

CVE-2020-15919

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-15919

A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.

Source: CVE-2020-15919

CVE-2020-15918

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-15918

Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.

Source: CVE-2020-15918

CVE-2020-15920

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

Source: CVE-2020-15920

CVE-2020-7515

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password.

Source: CVE-2020-7515

CVE-2020-7520

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7520

A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim’s machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker’s possession. A man-in-the-middle attack is then used to complete the exploit.

Source: CVE-2020-7520

CVE-2020-7519

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7519

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

Source: CVE-2020-7519

CVE-2020-7518

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7518

A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.

Source: CVE-2020-7518

CVE-2020-15633

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-15633

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.

Source: CVE-2020-15633

CVE-2020-7516

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7516

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials.

Source: CVE-2020-7516

CVE-2020-7491

Posted on 2020년 7월 24일2020년 7월 24일 by admin

CVE-2020-7491

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

Source: CVE-2020-7491