Category Archives: Vulnerabilities

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]

Adobe: Critical Flaws in Reader, Acrobat, Illustrator

Adobe has issued multiple security advisories with patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and Reader application. The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution […]

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-34527 Security Vulnerability. Released: 1 Jul 2021. Last updated: 6 Jul 2021. Assigning CNA: Microsoft. MITRE CVE-2021-34527. CVSS:3.0 8.8 / 8.2. Attack Vector: Network. Attack Complexity: Low. Privileges Required: Low. User Interaction: None. Scope: Unchanged. Confidentiality: High. Integrity: High. Availability: High. Exploit Code Maturity: Functional. Remediation Level: Temporary Fix. Report Confidence: Confirmed. Executive Summary: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could […]

Cross-site scripting in Trend Micro InterScan Web Security Virtual Appliance

Published: 2021-06-15. Risk: Medium. Patch available: YES. Number of vulnerabilities: 1. CVE ID: CVE-2021-31521. CWE ID: CWE-79. Exploitation vector: Network. Public exploit: N/A. Vulnerable software: InterScan Web Security Virtual Appliance (Server applications / Server solutions for antivirus protection). Vendor Security Advisory This security advisory describes one medium risk vulnerability. 1) Cross-site scripting Risk: Medium CVSSv3.1: 5.3 […]

Citrix Patches Vulnerability in Workspace App for Windows

Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. Tracked as CVE-2021-22907, the vulnerability could be exploited by local attackers to escalate their privileges to SYSTEM level. All supported versions of Citrix Workspace app for Windows are affected by the security hole. The issue, […]