Advisories

KLCERT-19-030: Hasplm cookie without HTTPOnly attribute

05 June 2019

The Hasplm cookie does not have the HTTPOnly attribute. This allows malicious JavaScript to steal the cookie.

KLCERT-19-029: Gemalto Admin Control Center uses cleartext communication with www3.safenet-inc.com

05 June 2019

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs.

KLCERT-19-027: Remote Code Execution Vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7

16 May 2019

An attacker with network access to affected installations, which are configured without “Encrypted Communication”, can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device.

KLCERT-19-026: Siemens WinCC local denial of service

16 May 2019

An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.

KLCERT-19-025: Siemens SIMATIC WinCC and SIMATIC PCS 7 remote code execution using specially crafted project files

16 May 2019

An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability impacts the confidentiality, integrity, and availability of the affected system.

KLCERT-19-024: UltraVNC Improper Initialization

01 March 2019

UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in the VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.

KLCERT-19-023: UltraVNC Stack-based Buffer Overflow

01 March 2019

UltraVNC revision 1211 has a stack buffer overflow vulnerability in the VNC server code inside the file transfer request handler, which can result in a Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

KLCERT-19-022: UltraVNC Improper Null Termination

01 March 2019

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in the VNC server code, which result in out-of-bounds data being accessed by a remote user. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.

KLCERT-19-021: UltraVNC Heap-based Buffer Overflow

01 March 2019

UltraVNC revision 1211 has a heap buffer overflow vulnerability in the VNC server code inside the file transfer offer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

KLCERT-19-020: UltraVNC Heap-based Buffer Overflow

01 March 2019

UltraVNC revision 1211 has a heap buffer overflow vulnerability in the VNC server code inside the file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.