product information
1. Upgrade to Data Protector A.06.20 or subsequent.
2. Enable encrypted control communication services on cell server and
all clients in cell.
The upgrade is available for download from
http://hp.com/go/dataprotector then under 'Product Information' click on
'Trials and Demos'.
7. *Credits*
sipherr@gmail.com wrote:
> Linksys phone adapter denial of service
>
> Product Information
> Product Name: SPA-2102 Serial Number: FM500G582390
> Software Version: 3.3.6 Hardware Version: 1.2.5(a)
>
> Another device hit with the PoD!
>
> ping -l 65500 192.168.0.1
indicated in the Software Version and Fixes Table, are affected.
To view the version of system software that is currently running on
Cisco Unified Videoconferencing 5100 Series Products, access the
Cisco UVC device via the web GUI interface. On the status screen, the
"Software Version" field below the "Product Information" section
indicates the current system software.
Details for Reported Vulnerabilities
====================================
Linksys phone adapter denial of service
Product Information
Product Name: SPA-2102 Serial Number: FM500G582390
Software Version: 3.3.6 Hardware Version: 1.2.5(a)
Another device hit with the PoD!
ping -l 65500 192.168.0.1
7. *Credits*
Discovered by: Giuseppe `Zmax` Fuggiano
Website: http://www.giusef.net
Contact: giuseppe(dot)fuggiano(at)gmail(dot)com
Product Information
-------------------
FlatPress is an open-source standard-compliant multi-lingual
extensible blogging engine written in PHP by Edoardo Vacchi.
Website: http://www.flatpress.org
Data Protector A.06.10,
Data Protector A.06.00 /
HP-UX, Linux, Solaris, Windows / Data Protector A.06.20 or subsequent
The upgrade is available for download from http://hp.com/go/dataprotector then under 'Product Information' click on 'Trial Software'
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
CVSS v2 Base Score: 5 (Medium) [ AV:N/AC:L/Au:N/C:P/I:N/A:N ]
Class: I think, it's a Design problem on the error messages' handling
Product Information
=======================================
The Cisco ACE XML Gateway is a key component of the Cisco Application Control
Engine (ACE) family of products. It brings application intelligence into the
network and enables efficient deployment of secure, reliable, and accelerated
Web service environments based on XML (Extensible Markup Language) and SOAP
HP has provided the following procedure to resolve these vulnerabilities.
1. Upgrade to Data Protector A.06.20 or subsequent
2. Enable encrypted control communication services on cell server and all clients in cell
The upgrade is available for download from http://hp.com/go/dataprotector then under 'Product Information' click on 'Trials and Demos'.
HISTORY
Version: 1 (rev.1) - 28 June 2011 Initial release
Version: 2 (rev.2) - 28 June 2011 Updated attribution
Version: 3 (rev.3) - 29 June 2011 Corrected CVSS data
Data Protector A.06.11, Data Protector A.06.10, Data Protector A.06.00 /
Data Protector A.06.20 or subsequent
NOTE: The use of encrypted control communication services must be enabled while using HP OpenView DataProtector version A.06.20
The upgrade is available for download from http://hp.com/go/dataprotector then under 'Product Information' click on 'Trial Software'
MANUAL ACTIONS: Yes - NonUpdate
Enable encrypted control communication services
PRODUCT SPECIFIC INFORMATION
There's a difference between being able to get onto a network (via wifi
maybe?) and getting physical access to a device.
> sipherr@gmail.com wrote:
>> Linksys phone adapter denial of service
>>
>> Product Information
>> Product Name: SPA-2102 Serial Number: FM500G582390
>> Software Version: 3.3.6 Hardware Version: 1.2.5(a)
>>
>> Another device hit with the PoD!
>>
environments.
cFolders is integrated to SAP ECC, SAP Product Lifecycle
Management (PLM), SAP Supplier Relationship Management (SRM), SAP Knowledge Management and SAP
NetWeaver cRooms (collaboration rooms). Virtual teams can access, view online, subscribe for changes, and
redline documents and product information. Partners and suppliers can interact with cFolders in predefined
collaborative or competitive scenarios.
Details
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
materials, Fortinet assumes no legal responsibility for the accuracy or
completeness of the information. More specific information is available on
request from Fortinet. Please note that Fortinet's product information
does not constitute or contain any guarantee, warranty or legally binding
representation, unless expressly identified as such in a duly signed
writing.
About Fortinet ( www.fortinet.com ):
Background
-----------------
Vendor product information:
PCU400 is the modern product when implementing an effective data acquisition network in SCADA-based systems
PCU400, Process Communication Unit 400 forms the communication interface to the network of remote terminal units (RTUs) together with the RCS Application Software located in the application server of a Network Manager SCADA system.
The PCU400 can be used as a SCADA front-end, communication gateway for Substation Automation systems or as a standalone protocol converter.
Two parts define the Data Acquisition system:
* RCS Application, a software package running in the Application Server
DESCRIPTION
InstallShield Update Agent connects to and communicates with centralized
Acresso (formerly Macrovision) FLEXnet Connect servers for updates and other
product information on a periodic basis. From the vendor's site:
FLEXnet Connect lets you electronically deliver applications, patches,
updates, and messages directly to your users' systems.
When connecting with this service, the client agent reports its product GUID,
Fortinet Security Research
Attack Channels: Some HTTP/HTTPS non-analyzed channels
Impact: Data Theft / Data Leakage / Data Loss
Risk: Medium
2.- PRODUCT INFORMATION
========================================================
Trend Micro Data Loss Prevention (DLP) is a family of solutions that
secure your private data and intellectual property, while reducing
complexity and costs.
Background
-----------------
Vendor product information, from www.ab.com :
With online editing and a built-in 10/100 Mbps EtherNet/IP port for
peer-to-peer messaging, the MicroLogix 1100 controller adds greater
connectivity and application coverage to the MicroLogix family of
Allen-Bradley controllers. This next generation controller's built-in LCD
screen displays controller status, I/O status, and simple operator messages;
enables bit and integer manipulation; offers digital trim pot functionality,
and a means to make operating mode changes (Prog / Remote / Run).
Background
-----------------
Vendor product information:
CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With
its open system design approach, true client/server architecture, and the
latest web technologies, CIMPLICITY allows you to realize the benefits of
digitization for the collection, monitoring, supervisory control and sharing
of critical process and production data throughout your operations
CIMPLICITY has been used in all industries -- from process to discrete, to
system monitoring. It is extremely well suited for discrete applications,
information they need. Prospects can apply for admissions. Learners can
search and register for classes by term or date, and retrieve financial
aid data. Faculty can easily manage course information, rosters, and
grading, and advise students."
-- Banner Student product information
(http://www.sungardhe.com/Products/Product.aspx?id=1024)
University students interact with 'Banner Student Services' through a web
interface. Tasks are performed by making POST requests to fixed URLs.
A cross-site script attack facilitated by cross-site request forgery was
Background
-----------------
Vendor product information, from www.areva-td.com :
AREVA T&D solution for real-time energy management systems; this suite of
software products can be configured to meet your specific needs and
business function. Transmission companies, Generation owners, Independent
System Operators and vertically integrated utilities can all benefit from
the new features and functionality of e-terraplatform. All configurations of
eterraplatform
Xiaopeng Zhang of Fortinet's FortiGuard Labs
About Fortinet ( www.fortinet.com ):
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
~~~~~~~~~~~~~~~~~~~~~~~~~
DD.MM.YYYY
01.06.2009 - Reported
12.06.2009 - "This will be posted to our Symantec Product Security Advisory page
though we are not identifying these issues as vulnerabilities, it's just
the best method to disseminate this type of product information"
< waiting for others to patch >
27.10.2009 - G-SEC releases this advisory
About G-SEC
Background
-----------------
Vendor product information, from www.osisoft.com :
The PI System™ brings all operational data into a single system that can
deliver it to users at all levels of the company - from the plant floor to
the enterprise level. The PI System keeps business-critical data always
online and available in a specialized time-series database by:
* Gathering event-driven data, in real-time, from multiple sources
across the plant and/or enterprise