This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Daily Archives: April 8, 2022
ZDI-22-587: Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-588: Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-589: Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Backdoor.Win32.XLog.21 / Authentication Bypass Race Condition
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can logon using
default credentials of…
Backdoor.Win32.Xingdoor / Denial of Service
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Xingdoor
Vulnerability: Denial of Service
Description: The malware “System_XingCheng” listens on TCP port 7016.
Attackers who can send a specially crafted packet, can trigger an int 3
“xcc” breakpoint debug…
Backdoor.Win32.Wisell / Stack Buffer Overflow (SEH)
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting…
Backdoor.Win32.FTP.Lana.01.d / Port Bounce Scan
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 9003. Third-party intruders
who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT Command…
Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Credentials
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Weak Hardcoded Credentials
Family: Lana
Type: PE32
MD5: ea9ab5983a6fa71e31907e74d4ddbab6
Vuln ID: MVID-2022-0539
Dropped files: sersvc32.exe
Disclosure: 04/06/2022
Description: The malware listens in TCP…
Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution
Posted by malvuln on Apr 07
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Verify.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 1906 and 1907. Third-party
adversaries who can reach an infected host on either port can gain access
and or run any OS…