The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
March 11, 2020
Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017. The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in ...
- Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks
March 11, 2020
According to new research published today, modern RAM cards are still vulnerable to Rowhammer attacks despite extensive mitigations that have been deployed by manufacturers over the past six years. These mitigations, collectively referred to as Target Row Refresh (TRR), are a combination of software and hardware fixes that have been slowly added to the design of ...
- Avast disables JavaScript engine in its antivirus following major bug
March 11, 2020
Czech antivirus maker Avast has taken the extreme step of disabling a major component of its antivirus product after a security researcher found a dangerous vulnerability that put all of the company’s users at risk. The security flaw was found in Avast’s JavaScript engine, an internal component of the Avast antivirus that analyzes JavaScript code for ...
- Critical Bugs in Rockwell, Johnson Controls ICS Gear
March 10, 2020
Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software. The ...
- Zoho zero-day published on Twitter
March 6, 2020
A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. Cyber-security experts who have reviewed the vulnerability have told ZDNet that the zero-day could spell trouble for companies around the world, as it could be an entry point for ransomware gangs to infect corporate networks and ransom their data. The vulnerability impacts ...
- BlueKeep Flaw Plagues Outdated Connected Medical Devices
February 19, 2020
While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol (RDP) flaw. Researchers said they found that 22 percent of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even ...