The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ripple20 vulnerabilities will haunt the IoT landscape for years to come
June 16, 2020
Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is estimated at “hundreds of millions” and includes products such as smart home devices, power grid equipment, ...
- Black Kingdom ransomware hacks networks with Pulse VPN flaws
June 13, 2020
Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors. They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN ...
- 6 New Vulnerabilities Found on D-Link Home Routers
June 12, 2020
On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...
- Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’
June 4, 2020
Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software. The four critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities. The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization controls for the ...
- Severe Cisco DoS Flaw Can Cripple Nexus Switches
June 2, 2020
Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus switches – and launch a denial of service (DoS) attacks on the devices. “A successful ...
- New cold boot attack affects seven years of LG Android smartphones
June 2, 2020
South Korean phone manufacturer LG has released a security update last month to fix a vulnerability that impacts its Android smartphones sold over the past seven years. The vulnerability, tracked under the identifier of CVE-2020-12753, impacts the bootloader component that ships with LG smartphones. Separate from the Android OS, the bootloader is a piece of firmware specific ...