Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 159818 entries
IDDescriptionPriorityModified date
CVE-2022-30287 Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. -- Jul 29, 2022
CVE-2022-30276 The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. -- Jul 27, 2022
CVE-2022-30275 The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. -- Jul 27, 2022
CVE-2022-30274 The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key. -- Jul 27, 2022
CVE-2022-30273 The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. -- Jul 27, 2022
CVE-2022-30272 The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kernel, package, bundle, or application images can be installed. Firmware updates for the Front End Processor (FEP) module are performed via access to the SSH interface (22/TCP), where a .hex file image is transferred and a bootloader script invoked. File system, kernel, package, and bundle updates are supplied as RPM (RPM Package Manager) files while FEP updates are supplied as S-rec files. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. -- Jul 27, 2022
CVE-2022-30271 The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. -- Jul 27, 2022
CVE-2022-30270 The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed. -- Jul 27, 2022
CVE-2022-30269 Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. -- Jul 27, 2022
CVE-2022-30083 EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). -- Jul 30, 2022
CVE-2022-29965 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. -- Jul 27, 2022
CVE-2022-29964 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. -- Jul 27, 2022
CVE-2022-29963 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. -- Jul 27, 2022
CVE-2022-29962 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. -- Jul 27, 2022
CVE-2022-29960 Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. -- Jul 27, 2022
CVE-2022-29958 JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC\'s CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU. -- Jul 27, 2022
CVE-2022-29957 The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. -- Jul 27, 2022
CVE-2022-29953 The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality. -- Jul 27, 2022
CVE-2022-29952 Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. -- Jul 27, 2022
CVE-2022-29951 JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. -- Jul 27, 2022
CVE-2022-29709 CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters. -- Jul 25, 2022
CVE-2022-29558 Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. -- Jul 29, 2022
CVE-2022-29360 The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. -- Jul 29, 2022
CVE-2022-27873 An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. -- Jul 29, 2022
CVE-2022-27866 A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. -- Jul 29, 2022
CVE-2022-27865 A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. -- Jul 29, 2022
CVE-2022-27864 A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. -- Jul 29, 2022
CVE-2022-27615 Improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 28, 2022
CVE-2022-27614 Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. -- Jul 28, 2022
CVE-2022-27613 Improper neutralization of special elements used in an SQL command (\'SQL Injection\') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. -- Jul 28, 2022
CVE-2022-27612 Buffer copy without checking size of input (\'Classic Buffer Overflow\') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. -- Jul 28, 2022
CVE-2022-27611 Improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 28, 2022
CVE-2022-27610 Improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 27, 2022
CVE-2022-27509 Unauthenticated redirection to a malicious website -- Jul 28, 2022
CVE-2022-27105 InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users. -- Jul 27, 2022
CVE-2022-26307 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. -- Jul 25, 2022
CVE-2022-26306 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user\'s configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. -- Jul 25, 2022
CVE-2022-26305 An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. -- Jul 25, 2022
CVE-2022-24992 A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. -- Jul 25, 2022
CVE-2022-24912 The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events. -- Jul 29, 2022
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. -- Jul 29, 2022
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. -- Jul 29, 2022
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference -- Jul 29, 2022
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. -- Jul 29, 2022
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously -- Jul 29, 2022
CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. -- Jul 29, 2022
CVE-2022-24406 OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. -- Jul 27, 2022
CVE-2022-24405 OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. -- Jul 27, 2022
CVE-2022-24083 Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. -- Jul 25, 2022
CVE-2022-23101 OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. -- Jul 27, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online