KLCERT advisories

KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU

23 June 2020

Exposed session token in Honeywell ControlEdge PLC and RTU.

KLCERT-20-013: Unencrypted password transmission in Honeywell ControlEdge PLC and RTU

23 June 2020

Unencrypted password transmission on the network in Honeywell ControlEdge PLC and RTU.

KLCERT-20-012: Missing Authentication in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Missing Authentication in Emerson OpenEnterprise SCADA versions before 3.3.4 might lead to arbitrary code execution. The affected components may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.

KLCERT-20-011: Inadequate Encryption Strength in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Inadequate Encryption Strength in Emerson OpenEnterprise SCADA versions before 3.3.4. Inadequate encryption may allow the passwords for OpenEnterprise user accounts to be obtained.

KLCERT-20-010: Improper Ownership Management in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Improper Ownership Management in Emerson OpenEnterprise SCADA versions before 3.3.4. Inadequate folder security permissions may allow modification of important configuration files which could cause the system to fail or behave in an unpredictable manner.

KLCERT-20-009: Remote Code Execution on LibVNC version prior to 0.9.12

23 March 2020

LibVNC client code contains a heap buffer overflow vulnerability in commits prior to 6073771eed1caf72f196e410182471e0dfd32149. This could possibly result in remote code execution. This attack appears to be exploitable via network connectivity. The issue has been fixed in commit 54220248886b5001fbbb9fa73c4e1a2cb9413fed.

KLCERT-20-008: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which writing begins, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-007: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-006: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-005: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.