The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
September 11, 2019
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH); but, luckily, such an attack would be difficult to launch. The attack, disclosed on Tuesday and dubbed NetCAT (short for Network Cache ...
- Microsoft patches two zero-days in massive September 2019 Patch Tuesday
September 10, 2019
Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited in the wild before Microsoft released fixes. The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are ...
- Uncovering IoT Threats in the Cybercrime Underground
September 10, 2019
Amid the growth of the internet of things (IoT), manufacturers and integrators are testing the limits of how the technology can be applied, as seen in how new forms of connected devices are hitting the market. Some applications play critical roles in industries while others provide more convenience for consumers. The wide spectrum of IoT ...
- Critical Exim Flaw Opens Millions of Servers to Takeover
September 9, 2019
Researchers are urging users to upgrade their Exim servers immediately after millions of servers were found to be vulnerable to a critical flaw that could allow a remote, unauthenticated attacker to take full control of them. Exim, which is free software used on Unix-like operating systems (including Linux or Mac OSX) serves as a mail transfer ...
- ‘USBAnywhere’ Bugs Open Supermicro Servers to Remote Attackers
September 3, 2019
Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker ‘omnipotent’ control over a server and its contents. Authentication vulnerabilities in the baseboard management controllers (BMCs) of Supermicro X9-X11 servers have been discovered that allow a remote attacker to easily connect to a server and mount any virtual USB device of their choosing. The bugs, collectively dubbed USBAnywhere, ...
- Android Zero-Days Now Worth More Than iPhone Exploits
September 3, 2019
Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android. An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market. Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. ...