The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation.
This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hack the Air Force 2.0 uncovers over 100 vulnerabilities
February 15, 2018
The second Hack the Air Force bug bounty challenge, Hack the Air Force 2.0, has resulted in 106 vulnerabilities being reported and fixed. On Thursday, bug bounty platform HackerOne revealed that the 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards to over $233,000 to date. Hackers from ...
- A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac
February 15, 2018
Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs ...
- Reported Critical Vulnerabilities In Microsoft Software On the Rise
February 15, 2018
The number of reported vulnerabilities in Microsoft software has mounted from 325 in 2013 to 685 last year, a rise of 111 percent, according to new research. Moreover, there has also been a 54 percent increase in critical Microsoft vulnerabilities since 2016, researchers at Avecto said in their report, which is based on data from Microsoft’s Security ...
- Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit
January 31, 2018
2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being ...
- Cisco Patches Critical VPN Vulnerability
January 30, 2018
Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products ranging from 3000 Series ...
- Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks
January 29, 2018
The United States Secret Service issued a warning on Friday to financial institutions citing “credible information” about “planned” attacks against U.S. cash machines using malware that can quickly drain ATM machines dry of cash. The warning came a day after ATM maker Diebold Nixdorf also warned its customers of “potential” ATM Jackpotting attacks moving from Mexico to the U.S. But journalist Brian ...