Steam Client Creates World-writable Shell Script
While performing a routine world-writable file scan, one of IOActive’s consultants discovered that the Steam Client for Mac OS X creates world-writable shell scripts when installing games.
OleumTech Wireless Sensor Network Vulnerabilites
OleumTech has manufactured industrial wireless solutions for almost 15 years, providing visibility to disparate assets for major Oil & Gas producers for near real-time optimization decisions, resource deployment, and regulatory compliance. OleumTech also manufacturers industrial automation systems that represents the new paradigm of remote monitoring and control for industries, such as Oil & Gas, Refining, Petro-chemical, Utilities, and Water/Wastewater. In June 2013, IOActive Labs reported four critical vulnerabilities in OleumTech’s wireless sensor network to ICS-CERT. To date, IOActive Labs is not aware of any fixes released by OleumTech.
Sielco Sistemi Winlog Multiple Vulnerabilities
This advisory is a follow-up to the alerts titled “ICS-ALERT-12-166-01 Sielco Sistemi Winlog Buffer Overflow” that was published June 14, 2012, and “ICS-ALERT-12-179-01 Sielco Sistemi Winlog Multiple Vulnerabilities” that was published June 27, 2012, on the ICS-CERT web page.
TURCK BL20/BL67 Programmable Gateways undocumented hardcoded accounts
The affected products provide communication between the communications bus and I/O modules. According to TURCK, the BL20 and BL67 are deployed across several sectors. These include agriculture and food, automotive, and critical manufacturing. TURCK estimates that these products are used primarily in the United States and Europe with a small percentage in Asia. This vulnerability allows an attacker to remotely access the device through its embedded FTP server by using the undocumented, hard-coded credentials. The attacker can then install a trojanized firmware to control communications and processes.
Protocol Handling Issues in X.Org X Window System Client Libraries
X.Org believes all prior versions of these libraries contain the vulnerabilities discussed in this document, dating back to their introduction. Versions of the X libraries built on top of the Xlib bridge to the XCB framework are vulnerable to fewer issues than those without. This is due to the added safety and consistency assertions in the XCB calls to read data from the network. However, most of these vulnerabilities are not caught by such checks.
DASDEC Vulnerabilities
The United States Emergency Alert System (EAS) in 1997 replaced the older and better known Emergency Broadcast System (EBS) used to deliver local or national emergency information. The EAS is designed to “enable the President of the United States to speak to the United States within 10 minutes” after a disaster occurs. In the past, these alerts were passed from station to station using the Associated Press (AP) or United Press International (UPI) “wire services”, which connected to television and radio stations around the U.S. Whenever the station received an…
ProSoft Technology RadioLinx ControlScape PRNG Vulnerability
The RadioLinx ControlScape application is used to configure and installradios in a FHSS radio network and to monitor their performance. ProSoft Technology states that default values built into the software work well for initial installation and testing. The software generates a random passphrase and sets the encryption level to 128-bit AES when it creates a new radio network.
SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference
This vulnerability exists within AscoServer.exe during the handling of RPC messages over the Ethernet Bus. Insufficient sanity checking allows remote and unauthenticated attackers to corrupt a Heap-Allocated Structure and then dereference an arbitrary pointer. When manipulating an IOCP message, it is possible to alter the behavior of message parsing. This allows another IOCP message to subvert the listener of IOCP messages, which leads to export of a write-n primitive. This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where…
Invensys Wonderware InTouch 10 DLL Hijack
ICS-CERT originally released Advisory ICSA-12-177-01P on the US-CERT Portal on July 05, 2012. The web page’s release was delayed to provide the vendor with enough time to contact customers concerning this information. Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in the Invensys Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution. ICS-CERT has coordinated the report with Invensys, which has produced an upgrade to address this vulnerability. Mr. Hollmann has validated that…
WellinTech KingView and KingHistorian Multiple Vulnerabilities
Independent researchers Carlos Hollmand and Dillon Beresford identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian applications. These vulnerabilities can be exploited remotely. WellinTech has created a patch, and the researchers have validated that the patch resolves these vulnerabilities in the KingView and KingHistorian applications.