A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.
Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
See details on Microsoft's advisories:
CVE-2019-0708 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
CVE-2019-1181 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181)
CVE-2019-1182 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182)
Update A, 07.10.2019
Miele XGW 3000 is a ZigBee-TCP/IP gateway. The gateway connects Miele ZigBee-Appliances (called Miele@home) with local customer TCP/IP-Network and allows visualizing the appliance state on the web interface of the gateway, Miele SuperVision capable appliance, smartphone/tablet app or home automatization device.
An external security researcher reported two vulnerabilities in XGW 3000 gateway and provided a Proof-of-Concept. The combined exploitation of both vulnerabilities allow the circumvention of the authentication mechanisms of the XGW3000.
The Miele PSIRT managed to reproduce the findings and successfully exploited the gateway. Therefore, the existence of all vulnerabilities has been confirmed.
A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI.
The access attempt will only be successful if the former authorized session has not been terminated by the authorized user or by session timeout.
Multiple security issues and vulnerabilities within the WPA2 standard have been identified and publicized by Mr. Mathy Vanhoef of KU Leuven. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point (AP). In consequence, an attacker could establish a man-in-the-middle position between AP and client facilitating packet decryption and injection.
The Field Xpert SFX370 and SFX350 handhelds are manufactured by Pepperl+Fuchs/ecom instruments for Endress+Hauser.
The Advisory for Pepperl+Fuchs/ecom instruments can be found here: VDE-2017-005
A collection of Bluetooth attack vectors were discovered and related vulnerabilities known as "BlueBorne" were disclosed. These vulnerabilities collectively endanger amongst others Windows, Linux and mobile operating systems like Android or IOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.