ZDI-24-192: Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-0865.

USN-7022-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

September 18, 2024

chromium-129.0.6668.58-1.fc39

FEDORA-2024-3d29b1647b Packages in this update: chromium-129.0.6668.58-1.fc39 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...

September 18, 2024

chromium-129.0.6668.58-1.el9

FEDORA-EPEL-2024-034e4b1091 Packages in this update: chromium-129.0.6668.58-1.el9 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...

September 18, 2024

chromium-129.0.6668.58-1.fc40

FEDORA-2024-d273b23c67 Packages in this update: chromium-129.0.6668.58-1.fc40 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...

September 18, 2024

USN-7021-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

September 18, 2024

USN-7020-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

September 18, 2024

Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?

Critical Infrastructure at Risk From Email Security Breaches

Google Street View Images Used For Extortion Scams

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Introducing LevelBlue’s 24/7 Managed Threat Detection and Response Service for Government

AT&T Agrees $13m FCC Settlement Over Cloud Data Breach

CISA Issues Advice to Help Eliminate XSS Bugs

The AI Fix #16: GPT-4o1, AI time travelers, and where’s my driverless car?

ZDI-24-192: Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability

USN-7022-1: Linux kernel vulnerabilities

chromium-129.0.6668.58-1.fc39

chromium-129.0.6668.58-1.el9

chromium-129.0.6668.58-1.fc40

USN-7021-1: Linux kernel vulnerabilities

USN-7020-1: Linux kernel vulnerabilities