Here’s an updated look at Yahoo Sports’ first-round projections for the 2024 NBA Draft.
February 2024
Mock Draft 5.0: International players dominate early picks
With no consensus No. 1 pick playing in college, half of the lottery projects to be made up of prospects who are playing overseas or for the G League.
The 5 best non-Shohei Ohtani moves of the MLB offseason — and 4 that should happen before Opening Day
Spring training games begin this week, but several top free agents still need a team.
The 5 best moves of the MLB offseason (excluding Ohtani)
New national MLB insider Russell Dorsey looks at five offseason moves that we’ll be talking about when the games begin, plus four looming moves.
Are You Richer Than You Think? A Surprising Number Of People Consider Themselves ‘Poor’ But They’re Actually In The Top 10% Of Earners
People Are Sharing Their Wildest Stories About *That One Coworker*, And They Range From Horrifying To Completely Unhinged
Ethercat Zeek Plugin
1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CISA
- Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Plugin for Zeek
- Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following GitHub commits (versions) of ICSNPP – Ethercat Plugin, a plugin for Zeek, are affected:
- Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin: versions d78dda6 and prior
3.2 Vulnerability Overview
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution.
CVE-2023-7244 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.2 OUT-OF-BOUNDS WRITE CWE-787
Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.
CVE-2023-7243 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.3 OUT-OF-BOUNDS READ CWE-125
Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.
CVE-2023-7242 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Multiple
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Cameron Whitehead of HACK@UCF reported these vulnerabilities to CISA.
4. MITIGATIONS
CISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin to commit 3bca34c or later.
To help reduce successful exploitation, users are encouraged to keep critical software updates and patches up to date in their system networks.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolating them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5. UPDATE HISTORY
- February 20, 2024: Initial Publication
Mitsubishi Electric Electrical Discharge Machines
1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric Corporation
- Equipment: Electrical discharge machines
- Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports that the following electrical discharge machines are affected by this vulnerability in Microsoft Message Queuing service:
- Wire-cut EDM MV Series MV1200S D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV2400S D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV4800S D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV1200R D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV2400R D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV4800R D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MV Series MV1200S D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MV Series MV2400S D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MV Series MV4800S D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MV Series MV1200R D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MV Series MV2400R D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MV Series MV4800R D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MP Series MP1200 D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MP Series MP2400 D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MP Series MP4800 D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MP Series MP1200 D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MP Series MP2400 D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MP Series MP4800 D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MX Series MX900 D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MX Series MX2400 D-CUBES Series Standard system BRD-B60W000-**: all versions
- Wire-cut EDM MX Series MX900 D-CUBES Series Special system BRD-B63W+++-**: all versions
- Wire-cut EDM MX Series MX2400 D-CUBES Series Special system BRD-B63W+++-**: all versions
- Sinker EDM SV-P Series SV8P D-CUBES Series Standard system BRD-M60W000-**: all versions
- Sinker EDM SV-P Series SV12 D-CUBES Series Standard system BRD-M60W000-**: all versions
- Sinker EDM SV-P Series SV8P D-CUBES Series Special system BRD-M63W+++-**: all versions
- Sinker EDM SV-P Series SV12 D-CUBES Series Special system BRD-M63W+++-**: all versions
- Sinker EDM SG Series SG8 D-CUBES Series Standard system BRD-M60W000-**: all versions
- Sinker EDM SG Series SG12 D-CUBES Series Standard system BRD-M60W000-**: all versions
- Sinker EDM SG Series SG28 D-CUBES Series Standard system BRD-M60W000-**: all versions
- Sinker EDM SG Series SG8 D-CUBES Series Special system BRD-M63W+++-**: all versions
- Sinker EDM SG Series SG12 D-CUBES Series Special system BRD-M63W+++-**: all versions
- Sinker EDM SG Series SG28 D-CUBES Series Special system BRD-M63W+++-**: all versions
3.2 Vulnerability Overview
3.2.1 Improper Input Validation CWE-20
Remote code execution vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in electrical discharge machines.
CVE-2023-21554 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
Mitsubishi Electric reported this vulnerability to CISA.
4. MITIGATIONS
Mitsubishi Electric recommends that users install the latest update. For information about how to install the update program, please contact your local service center.
Mitsubishi Electric recommends taking the mitigations listed below to minimize the risk of exploitation of this vulnerability.
- Use a firewall, virtual private network (VPN) etc., to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Restrict physical access to the affected products and to personal computers and network devices that can communicate with them.
- Install anti-virus software on personal computers that can communicate with the affected products.
For specific update instructions and additional details refer to Mitsubishi Electric advisory 2023-022.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability) has been reported to CISA at this time.
5. UPDATE HISTORY
- February 20, 2024: Initial Publication
Commend WS203VICM
1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Commend
- Equipment: WS203VICM
- Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Commend reports that the following versions of WS203VICM video door station are affected:
- WS203VICM: version 1.7 and prior
3.2 Vulnerability Overview
3.2.1 ARGUMENT INJECTION CWE-88
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.
CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).
3.2.2 IMPROPER ACCESS CONTROL CWE-284
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
CVE-2024-21767 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).
3.2.3 WEAK ENCODING FOR PASSWORD CWE-261
A weak encoding is used to transmit credentials for WS203VICM.
CVE-2024-23492 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Austria
3.4 RESEARCHER
Aarón Flecha Menéndez of S21sec reported these vulnerabilities to CISA.
4. MITIGATIONS
Although this is an end-of-life product, Commend has created new firmware version WS-CM 2.0 to address the first two issues. The new firmware can be loaded via the program “IP Station Config”. To install the firmware, follow the instructions below:
- Log in to the Commend web-portal.
- Download and extract the “Terminals Software Package”.
- In “IP Station Config”, select the stations to be updated in the table.
- Go to: Menu Station > Firmware Download
- Select the file “WS-CM 2.0.geh” from the folder “WS-CM” and click on the button Open.
For additional information, please visit CSA-2024-42 on Commend’s cybersecurity website.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolating them from business networks.
- When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
- Do not click web links or open attachments in unsolicited email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5. UPDATE HISTORY
- February 20, 2024: Initial Publication