Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Supervision and Verification in Vulnerability Management

Published: 2023-06-15

Last Updated: 2023-06-15 03:57:00 UTC

by Yee Ching Tok (Version: 1)

Managing vulnerabilities in operating systems and software can be challenging and even contentious. Opinions are divided among industry peers – some argue that security updates would be unnecessary if developers were held accountable for security vulnerabilities, while others assert that updating systems as soon as possible (where applicable) is a critical best practice for users. Most clients in my consulting job adopt some form of vulnerability management paradigm, ranging from quarterly vulnerability assessments with remediation of the discovered vulnerabilities, to automated vulnerability management programs where identified vulnerabilities are addressed as soon as possible. I noticed some peculiarities while providing consultancy services to a discerning customer's automated vulnerability management program. The automated vulnerability management product will not be discussed here, as it is neither the main focal point nor is this a debate on whether the product is trustworthy. Instead, the discovery was serendipitous and stemmed from a simple drive to appropriately mitigate identified vulnerabilities in all systems. With the client's management support, we worked together to address the vulnerability in question while ensuring it was fully mitigated.

It all started when a new low-risk vulnerability was identified – the Adobe Acrobat Reader software installed on the client's assets (a Windows enterprise environment with a heavy majority of Windows 10 Version 22H2 clients) was found to have JavaScript enabled. Typically, there is no business need for JavaScript to be enabled in Adobe Reader, especially if users only need to view documents and occasionally fill in simple form fields. As such, the vulnerability management tool advised that JavaScript be disabled and even provided steps to do so. In this case, the recommended action was to set the registry value HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\bDisableJavaScript to the REG_DWORD value of 1. The change management team approved the configuration change, and the system administrator was tasked to implement the hardening configuration.
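The verification side of that change, as an added example that is not code from the diary or from Adobe: a small Python check that reads the policy value named above and classifies what it finds. The failure modes it separates (value absent, wrong data, right data stored as REG_SZ instead of REG_DWORD) are my own assumptions about how a hardening change can look applied without being applied; the registry path and the expected REG_DWORD 1 are the ones from the diary.

```python
"""Verify the Acrobat Reader JavaScript lockdown value described above.

Added example, not code from the ISC diary. It reads
HKLM\\SOFTWARE\\Policies\\Adobe\\Adobe Acrobat\\DC\\FeatureLockDown\\bDisableJavaScript
and distinguishes "mitigated" from the usual ways a change can look done
but not be: value absent, wrong data, or the right data as the wrong type.
"""
import sys

# winreg type codes, spelled out so the assessment logic also runs off-Windows
REG_SZ = 1
REG_DWORD = 4

POLICY_PATH = r"SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown"
VALUE_NAME = "bDisableJavaScript"


def read_with_winreg(path, name):
    """Return (data, type) for an HKLM value, or None if key/value is absent.
    Windows only; the assessment below does not depend on it."""
    import winreg  # imported lazily so the module loads on non-Windows hosts
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            return winreg.QueryValueEx(key, name)
    except FileNotFoundError:
        return None


def assess_lockdown(observed):
    """Classify an observed (data, type) pair, or None when nothing is set.

    Returns one of:
      'mitigated'       REG_DWORD 1, exactly what the advisory asked for
      'not_configured'  key or value missing; JavaScript stays enabled
      'wrong_type'      e.g. the string "1" stored as REG_SZ (assumed failure mode)
      'not_mitigated'   present as a DWORD but not 1
    """
    if observed is None:
        return "not_configured"
    data, kind = observed
    if kind != REG_DWORD:
        return "wrong_type"
    return "mitigated" if data == 1 else "not_mitigated"


def verify(reader=read_with_winreg):
    """Read the value with `reader` and return (verdict, observed)."""
    observed = reader(POLICY_PATH, VALUE_NAME)
    return assess_lockdown(observed), observed


if __name__ == "__main__":
    if sys.platform != "win32":
        print("registry check runs on Windows only")
        sys.exit(0)
    verdict, observed = verify()
    print(f"{VALUE_NAME}: observed={observed} verdict={verdict}")
    sys.exit(0 if verdict == "mitigated" else 1)
```

Run it on the endpoint after the change window; a non-zero exit means the scanner will keep reporting the finding, and the verdict string tells the administrator which of the three things went wrong. The `reader` parameter exists so the classification can be exercised with recorded values on a non-Windows analysis host.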

Read the full entry: https://isc.sans.edu/diary/Supervision+and+Verification+in+Vulnerability+Management/29952/

Malicious Code Can Be Anywhere

Published: 2023-06-20

Last Updated: 2023-06-20 07:42:18 UTC

by Xavier Mertens (Version: 1)

My Python hunting rules reported some interesting/suspicious files. The files are named with a “.ma” extension. Some of them have very low VT scores. For example, the one with a SHA256 dc16115d165a8692e6f3186afd28694ddf2efe7fd3e673bd90690f2ae7d59136 has a score of 15/59.

The “.ma” extension refers to animation projects created by Autodesk Maya, a 3D modeling and animation program[1]. The files are typically ASCII files that describe the 3D scenes. I have absolutely zero knowledge of 3D software, but after some Google searches, it seems that Maya supports Python![2] As the documentation says:

“Python scripting can be used for many tasks in Maya, from running simple commands to developing plug-ins, and several different Maya-related libraries are available targeting different tasks.”

What could go wrong? If attackers (ab)use VBA macros in Microsoft Office, why not (ab)use Python in Maya? I found a reference to this type of malware back in 2020 when people discovered some “strange behaviors” in .ma files.
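A triage scanner for the case described above, added here as an example and not code from the diary or from Autodesk. Maya ASCII scenes are plain text, and a scene can carry a `script` node whose string attributes hold MEL or Python that Maya runs when the scene is opened; the attribute short names the scanner keys on (`.b` before-script, `.a` after-script, `.st` scriptType, `.stp` sourceType) and the indicator list are my assumptions about the format, and the sample scene is constructed.

```python
"""Triage Maya ASCII (.ma) scenes for embedded script nodes.

Added example, not from the ISC diary or Autodesk. Attribute short names
(.b before-script, .a after-script, .st scriptType, .stp sourceType) are my
reading of the format and are an assumption; the indicator list is a
starting point for triage, not a verdict.
"""
import re

# Python fragments that rarely belong in a legitimate 3D scene file
SUSPICIOUS = (
    "python(", "import os", "import subprocess", "import urllib",
    "import base64", "exec(", "eval(", "os.system", "__import__",
)

NODE_RE = re.compile(r'^\s*createNode\s+script\s+-n\s+"([^"]+)"', re.M)
# one setAttr statement, possibly spanning continuation lines, up to ';' at EOL
ATTR_RE = re.compile(r'^\s*setAttr\s+"(\.\w+)"(.*?);\s*$', re.M | re.S)
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted segment, escapes kept


def attr_value(raw):
    """Collapse a setAttr argument list into one string value."""
    raw = re.sub(r'^\s*-type\s+"string"', "", raw.strip())
    parts = STR_RE.findall(raw)
    if parts:  # long strings are written as ("..." + "...") segments
        return "".join(parts).replace("\\n", "\n").replace('\\"', '"')
    return raw.strip().strip("()")          # numeric attribute such as .st


def script_nodes(text):
    """Yield (node_name, {attr: value}) for every script node in a .ma file."""
    blocks = NODE_RE.split(text)            # [preamble, name1, body1, name2, ...]
    for i in range(1, len(blocks), 2):
        name, body = blocks[i], blocks[i + 1]
        body = body.split("createNode", 1)[0]   # attributes end at the next node
        yield name, {attr: attr_value(raw) for attr, raw in ATTR_RE.findall(body)}


def triage(text):
    """Return one finding per script node: source type, script type, indicators."""
    findings = []
    for name, attrs in script_nodes(text):
        code = attrs.get(".b", "") + "\n" + attrs.get(".a", "")
        hits = sorted(m for m in SUSPICIOUS if m in code)
        findings.append({
            "node": name,
            "source_type": "python" if attrs.get(".stp") == "1" else "mel",
            "script_type": attrs.get(".st", "0"),
            "indicators": hits,
            "suspicious": bool(hits),
        })
    return findings


# Constructed sample: two script nodes Maya writes into every scene plus one
# that calls into Python from MEL. Not a real file.
SAMPLE_MA = r'''//Maya ASCII 2020 scene
requires maya "2020";
createNode transform -n "pCube1";
createNode script -n "uiConfigurationScriptNode";
	setAttr ".b" -type "string" "// Maya Mel UI Configuration File.";
	setAttr ".st" 3;
createNode script -n "sceneConfigurationScriptNode";
	setAttr ".b" -type "string" "playbackOptions -min 1 -max 120";
	setAttr ".st" 6;
createNode script -n "dropperNode";
	setAttr ".b" -type "string" (
		"python(\"import os, base64\")"
		+ "python(\"exec(base64.b64decode(payload))\")");
	setAttr ".st" 1;
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_MA):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f'{flag:10} {f["node"]} st={f["script_type"]} {f["indicators"]}')
```

Point it at every `.ma` attachment a hunting rule surfaces and review the nodes it flags; the two configuration nodes Maya adds to every scene come back clean, which is what keeps the output short enough to read.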

Read the full entry: https://isc.sans.edu/diary/Malicious+Code+Can+Be+Anywhere/29964/

Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators

Published: 2023-06-21

Last Updated: 2023-06-21 00:02:43 UTC

by Yee Ching Tok (Version: 1)

One of our Stormcast listeners, Kevin, wrote in to share that his friend Jon had received a direct spear-phishing e-mail. We requested more information, and Jon kindly provided us with the corresponding e-mails and data to analyze. The spear-phishing e-mail sent to Jon masqueraded as an individual representing NordVPN (note: NordVPN had published an advisory about scammers posing as NordVPN representatives earlier this year) and enquired about the possibility of a YouTube sponsorship/collaboration with his YouTube channel. I took the liberty to examine the phishing e-mail and its associated artifacts, noting the details I observed from my analysis.

I first examined the e-mail headers, noting the mail.ru value in the X-Mailer field (Figure 1). The e-mail address that the adversary used was collaboration@nordvpn-media[.]com, whose domain closely resembles the domain (nordvpnmedia[.]com) that NordVPN had stated to be genuine.
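The two header checks just described, as an added example that is not the diary's code: parse the raw message with the standard library, pull the X-Mailer value and the From domain, and compare that domain with the one the brand has published as genuine. The message below is constructed; the two domains are the ones quoted above with the defanging removed so they parse, and the "collapse separators" lookalike test is my own simplification (it catches inserted hyphens and dots, nothing more).

```python
"""Triage a suspected sponsorship-scam e-mail by its headers.

Added example, not the diary's code. Sample message is constructed; the
sender and genuine domains are the two quoted in the diary, undefanged.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: only the headers matter for this triage step.
SAMPLE_EMAIL = b"""\
From: "NordVPN Partnerships" <collaboration@nordvpn-media.com>
To: jon@example.invalid
Subject: YouTube sponsorship collaboration
X-Mailer: Mail.ru Mailer 1.0
Message-ID: <constructed-0001@nordvpn-media.com>
Content-Type: text/plain; charset=utf-8

Hello Jon, we would like to sponsor your channel.
"""

GENUINE_DOMAINS = {"nordvpnmedia.com"}   # the domain NordVPN stated is genuine


def sender_domain(msg):
    """Domain of the From: address, lower-cased ('' if unparsable)."""
    _, addr = parseaddr(msg["From"] or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def squash(domain):
    """Drop separators so 'nordvpn-media.com' and 'nordvpnmedia.com' compare equal."""
    return domain.replace("-", "").replace(".", "")


def triage_headers(raw):
    """Return observations and findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    domain = sender_domain(msg)
    mailer = (msg["X-Mailer"] or "").strip()
    findings = []
    if domain and domain not in GENUINE_DOMAINS:
        if squash(domain) in {squash(g) for g in GENUINE_DOMAINS}:
            findings.append(f"lookalike sender domain: {domain}")
        else:
            findings.append(f"sender domain not on the published list: {domain}")
    if "mail.ru" in mailer.lower():
        findings.append(f"X-Mailer points at a webmail client, not a corporate platform: {mailer}")
    return {"from_domain": domain, "x_mailer": mailer, "findings": findings}


if __name__ == "__main__":
    result = triage_headers(SAMPLE_EMAIL)
    print(f'From domain: {result["from_domain"]}   X-Mailer: {result["x_mailer"]}')
    for line in result["findings"]:
        print(" -", line)
```

Feed it the `.eml` as bytes (`open(path, "rb").read()`); the parser handles folded and encoded headers so the checks are run on decoded values, and any extra brand domains can simply be added to `GENUINE_DOMAINS`.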

Read the full entry: https://isc.sans.edu/diary/Analyzing+a+YouTube+Sponsorship+Phishing+Mail+and+Malware+Targeting+Content+Creators/29966/

Internet Storm Center Entries


Malware Delivered Through .inf File (2023.06.19)

https://isc.sans.edu/diary/Malware+Delivered+Through+inf+File/29960/

Brute-Force ZIP Password Cracking with zipdump.py (2023.06.18)

https://isc.sans.edu/diary/BruteForce+ZIP+Password+Cracking+with+zipdumppy/29948/

Formbook from Possible ModiLoader (DBatLoader) (2023.06.17)

https://isc.sans.edu/diary/Formbook+from+Possible+ModiLoader+DBatLoader/29958/

Another RAT Delivered Through VBS (2023.06.16)

https://isc.sans.edu/diary/Another+RAT+Delivered+Through+VBS/29956/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-27997 - FortiOS and FortiProxy versions 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, 6.0.16 and below may allow remote execution of arbitrary code via crafted requests.

Product: Fortinet FortiOS and FortiProxy

CVSS Score: 9.8

** KEV since 2023-06-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27997

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8534

NVD References: https://fortiguard.com/psirt/FG-IR-23-097




CVE-2017-11882 - Microsoft Office memory corruption vulnerability

Product: Microsoft Office 2016

CVSS Score: 0

** KEV since 2021-11-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-11882

ISC Diary: https://isc.sans.edu/diary/29958




CVE-2023-32019 - Windows Kernel Information Disclosure Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 4.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32019

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8540

MSFT References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019




CVE-2023-35034 - Atos Unify OpenScape 4000 Assistant and Manager allow unauthenticated remote code execution.

Product: Atos Unify OpenScape 4000 Assistant

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35034

NVD References: 

- https://networks.unify.com/security/advisories/OBSO-2305-01.pdf

- https://www.news.de/technik/856882353/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/




CVE-2023-35036 - MOVEit Transfer versions before 2023.0.2 are vulnerable to SQL injection attacks.

Product: Progress MOVEit Transfer

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35036

NVD References: 

- https://archive.is/58ty7

- https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023




CVE-2023-26133 - All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. 

Product: Progressbar.Js Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26133

NVD References: https://security.snyk.io/vuln/SNYK-JS-PROGRESSBARJS-3184152




CVE-2023-34581 - Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2

Product: Service Provider Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34581

NVD References: 

- https://github.com/ashikkunjumon/cve-reports/blob/main/README.md

- https://packetstormsecurity.com/files/172559/Service-Provider-Management-System-1.0-SQL-Injection.html

- https://vulners.com/packetstorm/PACKETSTORM:172559

- https://www.exploit-db.com/exploits/51482




CVE-2022-36331 - The Western Digital My Cloud and SanDisk ibi devices had an impersonation vulnerability that could expose user data.

Product: Western Digital My Cloud

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36331

NVD References: https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update




CVE-2023-1897 - Atlas Copco Power Focus 6000 web server stores login info in an insecure way, enabling attackers with computer access to steal controller credentials.

CVE-2023-1898 - Atlas Copco Power Focus 6000 web server allows attackers to retrieve data from an active user's session using session ID numbers.

CVE-2023-1899 - Atlas Copco Power Focus 6000 web server allows an attacker to gain sensitive information through unsecured network traffic.

Product: Atlas Copco Power Focus 6000

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1897

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1898

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1899

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01




CVE-2023-33625 - D-Link DIR-600 (B5, 2.18) suffers from a command injection flaw through the ST parameter in lxmldbc_system().

Product: D-Link DIR-600

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33625

NVD References:

- https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md

- https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection

- https://hackmd.io/@naihsin/By2datZD2

- https://www.dlink.com/en/security-bulletin/




CVE-2023-33626 - D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.

Product: D-Link DIR-600

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33626

NVD References: 

- https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md

- https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow

- https://www.dlink.com/en/security-bulletin/




CVE-2023-2278 - The WP Directory Kit plugin for WordPress up to version 1.1.9 is vulnerable to Local File Inclusion via 'wdk_public_action', allowing unauthenticated attackers to execute arbitrary PHP code on the server.

Product: WP Directory Kit plugin for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2278

NVD References: 

- https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/vendor/Winter_MVC/core/mvc_loader.php#L91

- https://plugins.trac.wordpress.org/changeset/2904689/wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=cve




CVE-2023-25910 - SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 V5 versions prior to V5.7 allow remote users to execute code with elevated privileges in the database management system's server.

Product: Siemens SIMATIC PCS 7, SIMATIC S7-PM, SIMATIC STEP 7 V5

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25910

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf




CVE-2023-26204 - FortiSIEM allows an attacker with access to user DB content to impersonate an admin user via plaintext password storage.

Product: Fortinet FortiSIEM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26204

NVD References: https://fortiguard.com/psirt/FG-IR-21-141




CVE-2023-29129 - Mendix SAML versions 1.16.4 to 1.18.0 and versions 2.2.0 to 2.4.0, and versions 3.1.8 to 3.6.1, have an insufficient verification of SAML assertions vulnerability that allows unauthenticated remote attackers to bypass authentication and access the application.

Product: Mendix SAML

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29129

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf




CVE-2023-3047 - TMT Lockcell before 15 allows SQL Injection due to improper neutralization of special elements in an SQL command.

CVE-2023-3049 - TMT Lockcell before 15 allows Command Injection due to unrestricted upload of file with dangerous type vulnerability.

CVE-2023-3050 - Lockcell before 15 relies on cookies without validation and integrity checking, allowing for privilege abuse and authentication bypass.

Product: TMT Lockcell

CVSS Score: 9.8 - 10.0

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-3047

- https://nvd.nist.gov/vuln/detail/CVE-2023-3049

- https://nvd.nist.gov/vuln/detail/CVE-2023-3050

NVD References: 

- https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/

- https://fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/

- https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/

- https://www.usom.gov.tr/bildirim/tr-23-0345




CVE-2023-35064 - Satos Mobile before 20230607 is vulnerable to SQL Injection through SOAP Parameter Tampering.

Product: Satos Mobile

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35064

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0346




CVE-2023-34249 - PyBB is vulnerable to SQL Injection prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, but has since been fixed; a manual update or sanitization of user queries can be used as a workaround.

Product: benjjvi PyBB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34249

NVD References: 

- https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2

- https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg




CVE-2022-43684 - ServiceNow has an ACL bypass issue that could allow an authenticated user to obtain sensitive information from tables missing authorization controls.

Product: ServiceNow Core functionality

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43684

NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489




CVE-2023-29357 - Microsoft SharePoint Server Elevation of Privilege Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29357

MSFT References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357




CVE-2023-29363, CVE-2023-32014, CVE-2023-32015 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerabilities

Product: Microsoft Windows

CVSS Score: 9.8

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-29363

- https://nvd.nist.gov/vuln/detail/CVE-2023-32014

- https://nvd.nist.gov/vuln/detail/CVE-2023-32015

MSFT References: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015




CVE-2023-34750 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34750

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34751 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34751

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34752 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34752

NVD References: 

- http://bloofoxcms.com

- https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability

- https://www.bloofox.com/




CVE-2023-34753 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34753

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34754 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34754

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34755 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34755

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34756 - bloofox v0.5.2.1 was discovered to contain an SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.

Product: bloofoxCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34756

NVD References: https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability




CVE-2023-34095 - Cpdb-libs is vulnerable to buffer overflows due to improper use of `scanf(3)` which can be remedied through a patch.

Product: CPDB-libs Common Printing Dialog Backends (CPDB)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34095

NVD References: 

- http://www.openwall.com/lists/oss-security/2023/06/14/7

- https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/cpdb/cpdb-frontend.c#L372

- https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L362

- https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L453

- https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7

- https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x




CVE-2023-34251 - Grav is vulnerable to server-side template injection, allowing remote code execution through embedding malicious PHP code on the administrator screen by a user with page editing privileges in versions prior to 1.7.42.

Product: Grav Content Management System

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34251

NVD References: 

- https://github.com/getgrav/grav/blob/develop/system/src/Grav/Common/Twig/Extension/GravExtension.php#L174

- https://github.com/getgrav/grav/commit/9d01140a63c77075ef09b26ef57cf186138151a5

- https://github.com/getgrav/grav/security/advisories/GHSA-f9jf-4cp4-4fq5




CVE-2023-29297 - Adobe Commerce is vulnerable to arbitrary code execution by an authenticated attacker due to Improper Neutralization of Special Elements Used in a Template Engine.

Product: Adobe Commerce

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29297

NVD References: https://helpx.adobe.com/security/products/magento/apsb23-35.html




CVE-2023-2686 - Silicon Labs Gecko SDK v4.2.3 and earlier versions are vulnerable to a buffer overflow in Wi-Fi Commissioning MicriumOS example, allowing a connected device to write a payload onto the stack.

Product: Silicon Labs Gecko SDK

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2686

NVD References: 

- https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1

- https://github.com/SiliconLabs/gecko_sdk/releases




CVE-2023-32752 - L7 Networks' InstantScan IS-8000 & InstantQoS IQ-8000 allows unauthenticated remote attackers to upload and run arbitrary executable files, leading to arbitrary system commands or service disruption, due to a lack of restriction on dangerous file types.

Product: L7 Networks InstantScan IS-8000 and InstantQoS IQ-8000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32752

NVD References: https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html




CVE-2023-32753 - OMICARD EDM allows an unauthenticated remote attacker to upload and execute arbitrary files, compromising the system and disrupting service.

Product: OMICARD EDM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32753

NVD References: https://www.twcert.org.tw/en/cp-139-7190-d73c1-2.html




CVE-2023-32754 - Thinking Software Efence login function allows unauthorized remote SQL injection.

Product: Thinking Software Efence

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32754

NVD References: https://www.twcert.org.tw/tw/cp-132-7161-3e7c9-1.html




CVE-2023-34157 - Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

Product: HUAWEI HwWatchHealth

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34157

NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202306-0000001560777672




CVE-2023-27992 - Zyxel NAS326, NAS540, and NAS542 firmware versions prior to a certain update allow remote attackers to execute OS commands through a crafted HTTP request.

Product: Zyxel NAS326/NAS540/NAS542

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27992

NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products




CVE-2023-2907 - Marksoft is vulnerable to SQL Injection through Mobile:v.7.1.7, Login:1.4, and API:20230605.

Product: Marksoft Mobile

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2907

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0363




CVE-2023-31410 - SICK EventCam App allows remote attackers to intercept communication and disclose sensitive information due to the absence of TLS, allowing for eavesdropping and potential data manipulation.

CVE-2023-31411 - EventCam App allows remote unprivileged attackers to access and modify configuration settings due to absence of API authentication, potentially compromising its functionality.

Product: SICK EventCam App

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31410

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31411

NVD References: 

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf

- https://sick.com/psirt