nsaprojects.blogg.se

The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.ĬVE-2021-43933 has been assigned to this vulnerability. 3.2.5 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 A CVSS v3 base score of 6.1 has been calculated the CVSS vector string is ( AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H).

The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.ĬVE-2021-43990 has been assigned to this vulnerability. 3.2.4 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights.ĬVE-2021-43988 has been assigned to this vulnerability. 3.2.3 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE 22 A CVSS v3 base score of 6.0 has been calculated the CVSS vector string is ( AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H). The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.ĬVE-2021-43986 has been assigned to this vulnerability.

The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.ĬVE-2021-38483 has been assigned to this vulnerability. 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 It is included because it is used in Industrial Control Systems (ICS). Note: This offline simulation software program does not provide any control or management of physical devices or processes. The following versions of ROBOGUIDE, a simulation platform software suite for FANUC Robots, are affected: Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow for remote code execution, or provide unauthorized privilege escalation. Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption.