Month: March 2023
ZDI-23-341: Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-340: Schneider Electric IGSSdataServer Exposed Dangerous Function Data Deletion Vulnerability
This vulnerability allows remote attackers to delete application-level data on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.
ZDI-23-339: Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.
ZDI-23-338: Schneider Electric IGSS getRMSreportFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The March 2023 Security Update Review
Happy Pi Day, and welcome to the third patch Tuesday of 2023 and the final patch Tuesday before Pwn2Own Vancouver. Take a break from your regularly scheduled activities and join us as we review the details of the latest security offerings from Microsoft and Adobe.
Adobe Patches for March 2023
For March, Adobe released eight patches addressing 105 CVEs in Adobe Photoshop, Experience Manager, Dimension, Commerce, Substance 3D Stager, Cloud Desktop Application, and Illustrator. A total of 77 of these bugs were reported through the ZDI program. This is the largest Adobe update in quite some time. The patch for …
CVE-2022-38108: RCE in SolarWinds Network Performance Monitor
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hong and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the SolarWinds Network Performance Monitor. This bug was originally discovered and reported by ZDI Vulnerability Researcher Piotr Bazydło. The vulnerability results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. An authenticated attacker can leverage this vulnerability to execute code in the context of SYSTEM. The following is a portion of their write-up covering CVE-2022-38108, with a few minimal …
NVIDIA Canvas 1.4 Available With Panorama Beta This Week ‘In the NVIDIA Studio’
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. We’re also deep diving on new GeForce RTX 40 Series GPU features, technologies and resources, and how they dramatically accelerate content creation. An update is now available for NVIDIA Canvas, the free beta app that harnesses the power of AI to help artists quickly turn simple brushstrokes into realistic landscapes. This version 1.4 update includes a new Panorama mode, which 3D artist Dan “Greenskull” Hammill explores this week …
Game Like a PC: GeForce NOW Breaks Boundaries Transforming Macs Into Ultimate Gaming PCs
Disney Dreamlight Valley is streaming from Steam and Epic Games Store on GeForce NOW starting today. It’s one of two new games this week that members can stream with beyond-fast performance using a GeForce NOW Ultimate membership. Game as if using a PC on any device, at up to 4K resolution and 120 frames per second, even on a Mac.
Game Different
I’m a Mac, and I’m now a gaming PC. GeForce NOW gives members the unique ability to play over 1,500 games with the power of a gaming PC, on nearly any device. The new Ultimate membership …
NEWS
ZDI-23-341: Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability
March 16, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-340: Schneider Electric IGSSdataServer Exposed Dangerous Function Data Deletion Vulnerability
March 16, 2023
This vulnerability allows remote attackers to delete application-level data on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.
ZDI-23-339: Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Remote Code Execution Vulnerability
March 16, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.