CVE-2023-25718
https://notcve.org/view.php?id=CVE-2023-25718
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a "fundamental lack of understanding of Authenticode code signing behavior." • https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc https://www.connectwise.com https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-25719
https://notcve.org/view.php?id=CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations). • https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos https://www.connectwise.com https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-36763
https://notcve.org/view.php?id=CVE-2021-36763
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. En CODESYS V3 web server versiones anteriores a 3.5.17.10, los archivos o directorios son accesibles para las partes externas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download= • CWE-552: Files or Directories Accessible to External Parties •
CVE-2021-33485
https://notcve.org/view.php?id=CVE-2021-33485
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. CODESYS Control Runtime system versiones anteriores a 3.5.17.10, presenta un Desbordamiento de Buffer en la región Heap de la memoria • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download= • CWE-787: Out-of-bounds Write •
CVE-2019-16515
https://notcve.org/view.php?id=CVE-2019-16515
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Determinados encabezados de seguridad HTTP no son usados. • https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://wpvulndb.com/vulnerabilities/10013 https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox •