Control System
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory:
Cisco Wireless Control System Conversion Utility Adds Default Password
Advisory ID: cisco-sa-20071010-wcs
http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Secure Access Control System Unauthorized
Password Change Vulnerability
Advisory ID: cisco-sa-20110330-acs
Revision 1.0
affected.
* Cisco TelePresence Video Communication Server (Cisco TelePresence
VCS)
* Cisco Video Surveillance Manager (VSM)
* Cisco Video Surveillance Operations Manager (VSOM)
* Cisco Wireless Control System (WCS)
Products Confirmed Not Vulnerable
+--------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so
Vulnerability
Advisory ID: cisco-sa-20080130-wcs
http://www.cisco.com/warp/public/707/cisco-sa-20080130-wcs.shtml
Product Name: Cisco Wireless Control System
Vendor: http://www.cisco.com
Date: 4 August, 2010
Author: tom@tomneaves.com <tom@tomneaves.com>
Original URL: http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
Discovered: 8 July, 2010
Disclosed: 4 August, 2010
I. DESCRIPTION
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: SQL Injection Vulnerability in Cisco
Wireless Control System
Advisory ID: cisco-sa-20100811-wcs
Revision 1.0
Debian-specific: no
CVE Id(s) : CVE-2010-2542
Debian bug : 595728 590026
The Debian stable point release 5.0.6 included updated packages of
the Git revision control system in order to fix a security issue.
Unfortunately, the update introduced a regression which could make
it impossible to clone or create git repositories. This upgrade
fixes this regression, which is tracked as Debian bug #595728.
The original security issue allowed an attacker to execute arbitrary
arbitrary commands.
Background
==========
GIT - the stupid content tracker, the revision control system used by
the Linux kernel team.
Affected packages
=================
***
Industry Gold Sponsor: Deutsche Telekom Laboratories
Industry Silver Sponsor: Fraunhofer Heinrich Hertz Institute
Technical co-sponsors:
IEEE Control System Society
International Society of Dynamic Games
In cooperation with ACM SIGSAC
IEEE Multimedia Communication Technical Committee.
***
GameSec 2010, the inaugural Conference on Decision and Game Theory for
Security
Debian-specific: no
CVE Id(s) : CVE-2008-3546
Debian Bug : 494097
Multiple vulnerabilities have been identified in git-core, the core of
the git distributed revision control system. Improper path length
limitations in git's diff and grep functions, in combination with
maliciously crafted repositories or changes, could enable a stack
buffer overflow and potentially the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies this
1. Gain access to confidential operational information
2. Data tampering - permanent data loss or presentation of misleading
decision support data
3. Attempt to find additional vulnerabilities in the server to carry
out the "corporate network to control center" attack vector mentioned in
C4's S4 2008 paper "Control System Attack Vectors and Examples: Field Site
and Corporate Network" (http://www.c4-security.com/index-5.html).
Affected Versions
-------------------------
PI Server - All versions
Impact
----------
An attacker can compromise the server which runs PCU400, which acts as the FEP server of the ABB SCADA system.
This vulnerability is another method to carry out the "field to control center" attack vector mentioned in C4's S4 2008 paper "Control System Attack Vectors and Examples: Field Site and Corporate Network", which will allow the attacker to control other RTUs connected to that FEP.
In addition, an attacker can use his control over the FEP server to insert a generic electric grid malware as specified in our SysScan08 presentation, in order to cause harm to the grid.
Both documents are available at http://www.c4-security.com/index-5.html .
- Aurora Nutritive Analysis Module Multiple XSS
- Description
"Aurora's FoodPro is a total food production, planning and control system that
provides start-to-finish control from raw food through production, service, and
analysis. It provides historical, as well as current and projected data, in
terms of food usage, costs, operating margins, and service."
Aurora's FoodPro has a 'Nutritive Analysis Module' that provides the capability
1. Halt the system's operation (Denial of Service)
2. Gain unauthorized access with high privileges to the system
3. Leverage these vulnerabilities to attempt to find additional
vulnerabilities in the server to carry out the "corporate network to control
center" and "field to control center" attack vectors mentioned in C4's S4
2008 paper "Control System Attack Vectors and Examples: Field Site and
Corporate Network"
<http://www.c4-security.com/SCADA%20Security%20-%20Attack%20Vectors.pdf> .
Affected Versions
-------------------------
Multiple buffer overflow vulnerabilities have been discovered in Git.
Background
==========
Git is a distributed version control system.
Affected packages
=================
-------------------------------------------------------------------
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-3315
Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn
module of subversion, a version control system, is not properly enforcing
access rules which are scope-limited to named repositories. If the
SVNPathAuthz option is set to "short_circuit", this may enable an
unprivileged attacker to bypass intended access restrictions and disclose
or modify repository content.
Vulnerability : file permission error
Problem type : local
Debian-specific: yes
Debian Bug : 516669
Peter Palfrader discovered that in the Git revision control system,
on some architectures files under /usr/share/git-core/templates/ were
owned by a non-root user. This allows a user with that uid on the local
system to write to these files and possibly escalate their privileges.
This issue only affects the DEC Alpha and MIPS (big and little endian)
An attacker can exploit these vulnerabilities in order to:
* Halt the system's operation (Denial of Service)
* Gain unauthorized access with high privileges to the system
* Leverage these vulnerabilities to attempt to find additional
vulnerabilities in the server to carry out the "field to field" attack
vectors mentioned in C4's S4 2008 paper "Control System Attack Vectors and
Examples: Field Site and Corporate Network"
(http://www.c4-security.com/index-5.html).
Affected Versions
-------------------------
consumption.
Background
==========
git - the stupid content tracker, the revision control system used by
the Linux kernel team.
Affected packages
=================