Advisories

KLCERT-20-012: Missing Authentication in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Missing Authentication in Emerson OpenEnterprise SCADA versions before 3.3.4 might lead to arbitrary code execution. The affected components may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.

KLCERT-20-011: Inadequate Encryption Strength in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Inadequate Encryption Strength in Emerson OpenEnterprise SCADA versions before 3.3.4. Inadequate encryption may allow the passwords for OpenEnterprise user accounts to be obtained.

KLCERT-20-010: Improper Ownership Management in Emerson OpenEnterprise SCADA before 3.3.4

20 May 2020

Improper Ownership Management in Emerson OpenEnterprise SCADA versions before 3.3.4. Inadequate folder security permissions may allow modification of important configuration files which could cause the system to fail or behave in an unpredictable manner.

KLCERT-20-009: Remote Code Execution on LibVNC version prior to 0.9.12

23 March 2020

LibVNC client code contains a heap buffer overflow vulnerability in commits prior to 6073771eed1caf72f196e410182471e0dfd32149. This could possibly result in remote code execution. This attack appears to be exploitable via network connectivity. The issue has been fixed in commit 54220248886b5001fbbb9fa73c4e1a2cb9413fed.

KLCERT-20-008: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to begin writing values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-007: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-006: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-005: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-004: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

KLCERT-20-003: Remote Code Execution on Emerson OpenEnterprise SCADA Server version 2.83 and all versions of OpenEnterprise 3.1 through 3.3.3

23 March 2020

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server version 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.