The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones
November 15, 2018
At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at ...
- Siemens Patches Firewall Flaw That Put Operations at Risk
November 14, 2018
The industrial company on Tuesday released mitigations for eight vulnerabilities overall. Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized access to ...
- Microsoft patches Windows zero-day used by multiple cyber-espionage groups
November 13, 2018
Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws. Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available. The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft ...
- Cisco Accidentally Released Dirty Cow Exploit Code in Software
November 8, 2018
Cisco revealed that it had “inadvertently” shipped an in-house exploit code that was used in test scripts as part of its TelePresence Video Communication Server and Expressway Series software. Cisco Systems revealed in a security bulletin Wednesday that it “inadvertently” shipped in-house exploit code that was used in security tests of scripts as part of its ...
- IoT security: Why it will get worse before it gets better
November 7, 2018
There are billions of connected devices in use around the world, in our homes, our offices, even inside our bodies as medical devices are connected to an ever-growing internet of things (IoT). Vendors rush to add to the range of devices available, with many looking to gain a hold in the market as quickly as possible, delivering ...
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
November 7, 2018
A sophisticated proxy code has infected hundreds of thousands of devices already. A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab telemetry, ...