Category Archives: Advisories

CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

Read Time:14 Second

Posted by Thomas Weber via Fulldisclosure on Jul 03

CyberDanube Security Research 20240703-0
——————————————————————————-
title| Authenticated Command Injection
product| Helmholz Industrial Router REX100
| MBConnectline mbNET.mini
vulnerable version| <= 2.2.11
fixed version| 2.2.13
CVE number| CVE-2024-5672
impact| High
homepage|…

Read More

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240627-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: SoftMaker Office / FreeOffice
vulnerable version: SoftMaker Office 2024 / NX before revision 1214
FreeOffice 2021 Revision 1068
FreeOffice 2024 before revision 1215…

Read More

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Read Time:20 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240626-0 >
=======================================================================
title: Multiple Vulnerabilities in Power Automation Products
product: Siemens CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE
vulnerable version: CPC80 < V16.41 / CPCI85 < V5.30 / OPUPI0 < V5.30 / SICORE < V1.3.0 /
CPCX26 < V06.02 for CP-2016…

Read More

Novel DoS Vulnerability Affecting WebRTC Media Servers

Read Time:23 Second

Posted by Sandro Gauci via Fulldisclosure on Jul 03

Dear Colleagues,

We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media
servers.

## Executive summary (TL;DR)

A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP,
specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and
DTLS traffic and can be exploited…

Read More