CVE-2024-2013
published 2024-06-11CVE-2024-2013: An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to…
PriorityP271critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.68%
47.8th percentile
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway component that if exploited allows attackers without
any access to interact with the services and the post-authentication
attack surface.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cisa8.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: wifi: rtlwifi: remove unused check_buddy_priv
vendor_redhat·2025-03-06·CVSS 7.8
CVE-2024-58072 [HIGH] CWE-416 kernel: wifi: rtlwifi: remove unused check_buddy_priv
kernel: wifi: rtlwifi: remove unused check_buddy_priv
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtlwifi: remove unused check_buddy_priv
Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global
list of private data structures.
Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match
vendor version 2013.02.07") started adding the private data to that list at
probe time and added a hook, check_buddy_priv to find the private data from
a similar device.
However, that function was never used.
Besides, though there is a lock for that list, it is never used. And when
the probe fails, the private data is never removed from the list. This
would cause a second probe to access freed memory.
Remove the unused hook, structures and members, whi
CISA ICS
Hitachi Energy UNEM
cisa_ics·2025-01-30·CVSS 8.6
[HIGH] Hitachi Energy UNEM
ICS Advisory
##
Hitachi Energy UNEM
Release DateJanuary 30, 2025
Alert CodeICSA-25-030-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: UNEM
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service,
CISA ICS
Hitachi Energy FOXMAN-UN
cisa_ics·2025-01-14·CVSS 8.6
[HIGH] Hitachi Energy FOXMAN-UN
ICS Advisory
##
Hitachi Energy FOXMAN-UN
Release DateJanuary 14, 2025
Alert CodeICSA-25-014-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOXMAN-UN
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), Heap-based Buffer Overflow, Incorrect User Management, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of t
CISA
Adobe Flash Player Code Execution Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0648 [HIGH] Adobe Flash Player Code Execution Vulnerability
Vulnerability: Adobe Flash Player Code Execution Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0648
Remediation Due Date: 2024-10-08
CISA
Adobe Flash Player Incorrect Default Permissions Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0643 [HIGH] CWE-264 Adobe Flash Player Incorrect Default Permissions Vulnerability
Vulnerability: Adobe Flash Player Incorrect Default Permissions Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643
Remediation Due Date: 2024-10-08
GHSA
GHSA-fc83-86ww-f7qw: An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway component that if exploited allows attackers without
any acce
ghsa_unreviewed·2024-06-11
CVE-2024-2013 [CRITICAL] CWE-288 GHSA-fc83-86ww-f7qw: An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway component that if exploited allows attackers without
any acce
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway component that if exploited allows attackers without
any access to interact with the services and the post-authentication
attack surface.
Suricata
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
suricata·2022-11-23·CVSS 9.8
CVE-2013-7471 [CRITICAL] ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:28; content:"/soap.cgi?service=WANIPConn1"; fast_pattern; http.request_body; content:"|60|"; content:"|60|"; distance:0; reference:cve,2013-7471; reference:url,nvd.nist.gov/vuln/detail/cve-2013-7471; classtype:attempted-admin; sid:2039833; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_11_23, cve CVE_2013_7471, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_27, r
Suricata
ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
suricata·2019-03-19·CVSS 8.8
CVE-2013-3568 [HIGH] ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ping.cgi"; startswith; endswith; http.request_body; content:"pingstr="; startswith; fast_pattern; content:"|3b|"; within:25; reference:cve,2013-3568; reference:url,www.exploit-db.com/exploits/28484; classtype:attempted-user; sid:2027097; rev:6; metadata:attack_target IoT, created_at 2019_03_19, cve CVE_2013_3568, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2024_04_13;)
Suricata
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
suricata·2013-11-07
CVE-2013-3906 ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1"; flow:established,to_server; http.uri; content:"/rssfeed.php?a="; fast_pattern; pcre:"/^[^&]+?&\d+$/R"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf; reference:url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html; classtype:command-and-control; sid:2017690; rev:4; metadata:attack_target Client_Endpoint, created_at 2013_11_07, deployment Perimeter, signature_severity Major, tag c2, updated_at 2024_04_20, mitre_tactic_id TA0010, mitre_tactic_name Exfi
Suricata
ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
suricata·2013-10-17
CVE-2013-3827 ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt"; flow:established,to_server; http.uri; content:"/WEB-INF/web.xml"; nocase; fast_pattern; http.uri.raw; content:"|2e 2e 2f|"; reference:url,www.synopsys.com/blogs/software-security/path-traversal-defects-oracles-jsf2-implementation.html; reference:cve,2013-3827; classtype:web-application-attack; sid:2017611; rev:5; metadata:created_at 2013_10_17, cve CVE_2013_3827, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name F
Suricata
ET MALWARE EvilGrab/Vidgrab Checkin
suricata·2013-09-04
CVE-2012-0158 ET MALWARE EvilGrab/Vidgrab Checkin
ET MALWARE EvilGrab/Vidgrab Checkin
Rule: alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE EvilGrab/Vidgrab Checkin"; flow:established,to_server; content:"|7c 28|"; pcre:"/^\d{1,3}\x2e\d{1,3}\x2e\d{1,3}\x2e\d{1,3}/R"; content:"|29 7c|"; within:2; pcre:"/^\d{1,5}/R"; content:"|7c|Win"; within:4; reference:url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html; classtype:command-and-control; sid:2017413; rev:4; metadata:created_at 2013_09_04, signature_severity Major, updated_at 2024_03_06;)
Suricata
ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
suricata·2013-06-28
CVE-2012-6081 ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"?action=twikidraw"; fast_pattern; content:"&target="; distance:0; content:"../moin.wsgi"; endswith; reference:bugtraq,57082; reference:cve,2012-6081; reference:url,packetstormsecurity.com/files/122079/moinmoin_twikidraw.rb.txt; reference:url,exploit-db.com/exploits/25304/; classtype:web-application-attack; sid:2017074; rev:6; metadata:created_at 2013_06_28, cve CVE_2012_6081, signature_severity Major, updated_at 2024_03_06, reviewed_at 2024_02_06;)
Suricata
ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
suricata·2013-01-15
CVE-2010-0188 ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
Rule: alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request"; flow:established,to_server; urilen:8; http.uri; pcre:"/\x2F[0-9]{3}\.pdf$/"; http.request_line; content:".pdf HTTP/1."; fast_pattern; reference:url,blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack; reference:cve,2010-0188; classtype:exploit-kit; sid:2016210; rev:4; metadata:created_at 2013_01_15, cve CVE_2010_0188, performance_impact Moderate, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)
No public exploits indexed.
2024-06-11
Published