The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bluetooth LE devices impacted by SweynTooth vulnerabilities
February 15, 2020
A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Read more… Source: ZDNet
- An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
February 13, 2020
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create ...
- Researchers Use Smart Light Bulbs to Infiltrate Networks
February 6, 2020
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...
- Only three of the Top 100 international airports pass basic security checks
February 3, 2020
Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland. According to ImmuniWeb, these three “may serve a laudable example not just to the ...
- Matters of Life and Death: Cyber Security and Medical Devices
February 3, 2020
Concerns about the vulnerabilities of medical devices to cyber attacks are spurring a new focus on the need to protect patient safety, data and hospital systems It’s a scenario right out of a Hollywood blockbuster. Without a word of warning, medical devices regulating everything from heartbeat to insulin levels across a hospital system begin behaving erratically ...
- Google, Mozilla Crack Down on Malicious Extensions and Add-ons
January 28, 2020
Browser security takes a hit as Google and Mozilla discontinue a large number of browser extensions and add-ons due to malicious activity. The Google security team has temporarily disallowed the publishing or updating of paid extensions that use the Chrome Web Store payments. This is due to an influx of fraudulent transactions performed via the said extensions. The suspension ...