Industrial Cyber’s Post

Microsoft researchers discovered two vulnerabilities in Rockwell Automation’s PanelView Plus that could be remotely exploited by attackers to allow remote code execution (RCE) and denial of service (DoS). PanelView Plus devices are graphic terminals, also known as human machine interface (HMI), used in the industrial sector. Both vulnerabilities are related to custom classes in PanelView Plus. The RCE vulnerability involves two custom classes that could be used to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. Microsoft reported these findings to Rockwell Automation in May and July 2023, and Rockwell Automation published security patches to address the vulnerabilities in September and October 2023. We’re sharing our research to help developers, vendors, and the industry in general to avoid or detect similar issues in their systems. Read our latest blog to get our analysis of the vulnerabilities, as well as mitigation and protection guidance for defenders: https://msft.it/6046l8Ufn

Despite being designed to be a safe programming language for in memory runtime protection, as anything else, it's not bullet proof. "Critical Rust Vulnerability Let Hackers Inject Commands On Windows Systems" ➡ This means that your attack surface must always be considered independently from the claims of a product or provider ➡ Designing proper security architecture is a critical task, allowing you to implement overlapping security controls, and reduce the likelihood of an incident. 💡 As we support our customer when they deploy your solutions, we always support them in their security and privacy consideration. May this be a good organization security culture, or a mandatory task due to regulations, a proper security architecture planning is always an asset. The goal is always security and privacy by design and by default. #cybesecurity #technology #securitybydesign #privacybydesign https://lnkd.in/e-gXgaU8

Aruba Networking has released patches for ArubaOS to fix 4 critical flaws allowing remote code execution, giving attackers full control.    https://lnkd.in/g8a-FwTH    Vulnerability affects mobility controllers, WLAN gateways, and more. Update software immediately to stay protected. #cybersecurity #hacking #security #technology #hacker #infosec #ethicalhacking #cybercrime #tech #linux #cyber #hackers #informationsecurity #cyberattack #programming #malware #kalilinux #privacy #cybersecurityawareness #coding #datasecurity #dataprotection #python #ethicalhacker #hack #it #computerscience #pentesting #informationtechnology #business

Are you secure? 1. Read blog post bellow 2. Check your Rockwell PanelView: CVE-2023-2071 (9.8) CVE-2023-29464 (8.2)

Mastering Scapy: A Comprehensive Guide to Network Analysis 1) Introduction to Scapy 2) Creating and Sending Packets 3) Packet Capturing and Analysis 4) Protocols and Layers 5) Packet Manipulation 6) ARP Spoofing 7) DNS Queries and Spoofing 8) Network Scanning Techniques 9) DoS and DDoS Attacks 10) TCP/IP Attacks, 12) Wireless Network Analysis 13) Working with IPv6 14) Advanced Usage and Example Scenarios and more https://lnkd.in/dCiZgKsC with Buy Me a Coffee #python #cybersecurity #technology #network #cyber 

If you have installed a Sierra Wireless AirLink device for access, connection, or communication to critical assets, consider reviewing the current firmware versions and updating. CVE-2023-40458 - 40464 identify the vulnerabilities in previous AirLink ALEOS firmware. Many times cellular devices are used to connect and allow access to process environments, operations, and control systems. This should be done only in the most rare situations and scenarios, as exposed environments to external networks has proven problematic in recent weeks and significantly increases risk of compromise. If these external connections are necessary to operations, then ensuring adequate safeguards, secure by design architecture, use of firewalls (beyond the integrated cellular device firewall feature), restricted port, account, and access control, etc., become vital. The recommended approach is to NOT have the process environment connected to an external network. But to have intermediate infrastructure as a 'landing zone' to provide proper identification, authentication, and access control permissions to the process environment. The process environment and systems would NOT have the ability to communicate beyond internal boundaries, reducing risk of exposure to public and hostile networks such as the Internet. #informationsecurity #cybersecurity #criticalinfrastructure #sierrawireless #technology #data #security #riskmanagement

🚨RCE Threat Discovered🚨 Nozomi Networks Labs has discovered nine vulnerabilities affecting Schweitzer Engineering Laboratories (SEL) software applications, SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator. 💻 These applications are used for configuring and monitoring SEL devices and are at risk of remote code execution (RCE) due to the most severe of the 9 vulnerabilities identified. Attackers could potentially manipulate logic in SEL devices, posing a significant threat to infrastructure security. These vulnerabilities impact various aspects, including the improper handling of Unicode encoding and missing authentication for critical functions. One notable vulnerability discovered, CVE-2023-31171, exists in QuickSet's import of a device configuration from an external DMX file, enabling RCE on the engineering workstation. If both QuickSet and Grid Configurator are installed, this vulnerability could be combined with CVE-2023-31175 to achieve administrative privileges on the target workstation. Attack vectors include phishing emails with malicious DMX file attachments or tampering with DMX files in storage servers, and in the event the workstation is compromised, attackers can exfiltrate data, manipulate device logic, and move laterally. 💽 Another significant vulnerability identified, CVE-2023-34392, arises from an unauthenticated web service exposed by Grid Configurator on localhost. This allows a crafted client-side script to send commands to target devices, possibly through a malicious webpage. If attackers compromise a frequently visited website, a stored Cross-Site Scripting (XSS) vulnerability could further exploit this flaw. and attackers can execute supported commands on target devices, potentially covering their tracks by clearing the terminal history. Nozomi Networks Labs recommends updating both QuickSet and Grid Configurator applications to the latest versions. SEL initially disclosed these vulnerabilities to customers through product instruction manual appendices in June 2023. Nozomi Networks previously identified vulnerabilities in SEL's web interface and disclosed them last November. 📣 We encourage our Opswright community to read through the full article below which details all of the vulnerabilities identified as well as their potential security threats if not addressed. Staying informed and up to date on the latest cyber security tactics is our best defense against attack. Once you've read the article, comment below with your thoughts on this recent announcement, and share your strategy for implementing regular system updates.

🚨 Security Alert: 16 high-severity security flaws found in CODESYS V3 SDK! These could lead to remote code execution & disruption in operational technology environments. Know more: https://lnkd.in/dVQpDY-Y #cybersecurity #hacking #infosecurity

Exploiting embedded mitel phones for unauthenticated remote code execution: https://lnkd.in/dtd_-pz6 #exploitation #exploit #rce #infosec #informationsecurity #cybersecurity

>> #Hackers #exploit #ZeroDay #vulnerability (CVE-2024-3400) in #PaloAlto Networks' PAN-OS software since March 26, 2024 >> Attackers gain root privilege, install Python-based backdoor (UPSTYLE) on firewalls >> Campaign named #MidnightEclipse targets specific PAN-OS configurations, including versions 10.2, 11.0, and 11.1 >> Vulnerable configurations have #GlobalProtect gateway and device telemetry enabled >> Threat actor group, #UTA0218, likely aims for data extraction >> Palo Alto Networks releases hotfixes, advises admins to apply patches promptly. https://lnkd.in/gU3P4BN9