Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-CH86-PXR9-J9H9

Vulnerability from github – Published: 2026-04-03 21:31 – Updated: 2026-04-07 14:24
VLAI
Summary
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-07T14:24:10Z",
    "nvd_published_at": "2026-04-03T21:17:11Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.",
  "id": "GHSA-ch86-pxr9-j9h9",
  "modified": "2026-04-07T14:24:10Z",
  "published": "2026-04-03T21:31:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter",
  "withdrawn": "2026-04-07T14:24:10Z"
}

GHSA-CHFC-5X2P-7FV7

Vulnerability from github – Published: 2024-06-29 15:31 – Updated: 2024-06-29 15:31
VLAI
Details

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-29T13:15:10Z",
    "severity": "HIGH"
  },
  "details": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.",
  "id": "GHSA-chfc-5x2p-7fv7",
  "modified": "2024-06-29T15:31:30Z",
  "published": "2024-06-29T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25943"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CMR8-5W4C-44V8

Vulnerability from github – Published: 2022-09-20 20:45 – Updated: 2022-09-21 19:22
VLAI
Summary
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
Details

Impact

Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.

Patches

The problem has been fixed in version 0.5.3.

Corrected Math.random and crypto.getRandomValues methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and crypto.getRandomValues do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc’s random_get function, which is always a sufficiently random value.

Workarounds

There are no workarounds, you must upgrade to version 0.5.3 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@fastly/js-compute"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.0"
            },
            {
              "fixed": "0.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-335"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-20T20:45:10Z",
    "nvd_published_at": "2022-09-20T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\n`Math.random` and `crypto.getRandomValues` methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.\n\n### Patches\n\nThe problem has been fixed in version 0.5.3.\n\nCorrected `Math.random` and `crypto.getRandomValues` methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and `crypto.getRandomValues` do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc\u2019s random_get function, which is always a sufficiently random value.\n\n### Workarounds\n\nThere are no workarounds, you must upgrade to version 0.5.3 or later.",
  "id": "GHSA-cmr8-5w4c-44v8",
  "modified": "2022-09-21T19:22:40Z",
  "published": "2022-09-20T20:45:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-cmr8-5w4c-44v8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39218"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastly/js-compute-runtime/commit/65524ffc962644e9fc39f4b368a326b6253912a9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fastly/js-compute-runtime"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fastly Compute@Edge JS Runtime has fixed random number seed during compilation"
}

GHSA-CP43-CJ42-P4C3

Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2022-10-01 00:00
VLAI
Details

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-28T11:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.",
  "id": "GHSA-cp43-cj42-p4c3",
  "modified": "2022-10-01T00:00:24Z",
  "published": "2022-09-29T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30935"
    },
    {
      "type": "WEB",
      "url": "https://github.com/b2evolution/b2evolution/issues/114"
    },
    {
      "type": "WEB",
      "url": "https://b2evolution.net/downloads/7-2-5-stable"
    },
    {
      "type": "WEB",
      "url": "https://github.com/b2evolution/b2evolution/blob/master/inc/_core/_misc.funcs.php#L5955"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQ4Q-CV5G-R8Q5

Vulnerability from github – Published: 2026-06-15 20:44 – Updated: 2026-06-15 20:44
VLAI
Summary
Netty: QUIC stateless reset token material exposed through header-visible connection IDs
Details

Summary

Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers after a source-CID rotation. An on-path attacker observing the headers can use the token to perform a Denial of Service by sending a spoofed Stateless Reset packet.

Details

The sign-based connection ID generator (HmacSignQuicConnectionIdGenerator) and reset token generator (HmacSignQuicResetTokenGenerator) both evaluate HMAC-SHA256 with the same JVM-wide static key (io.netty.handler.codec.quic.Hmac).

During source CID rotation (QuicheQuicChannel.newSourceConnectionIds), the current server source CID C is used as input to produce the next CID N. The stateless reset token for C is defined over HMAC(K, C), specifically the first 16 bytes. The next CID N is the first L bytes of the same digest, where L = |C|.

Whenever L ≥ 16, the first 16 bytes of N are exactly the stateless reset token for C. Because N is carried in QUIC headers as a connection ID, an observer can read the headers and learn the reset token without decrypting the payload.

This directly violates RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#name-calculating-a-stateless-res: The stateless reset token MUST be difficult to guess. Additionally https://datatracker.ietf.org/doc/html/rfc9000#name-stateless-reset-oracle

Impact

Information Disclosure and Denial of Service. An on-path attacker can obtain the stateless reset token from the connection ID header and attempt to abruptly close the client side of the connection by sending a spoofed Stateless Reset datagram.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.14.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-classes-quic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.Final"
            },
            {
              "fixed": "4.2.15.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-15T20:44:20Z",
    "nvd_published_at": "2026-06-12T16:16:31Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nNetty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server\u0027s current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers after a source-CID rotation. An on-path attacker observing the headers can use the token to perform a Denial of Service by sending a spoofed Stateless Reset packet.\n\n### Details\nThe sign-based connection ID generator (HmacSignQuicConnectionIdGenerator) and reset token generator (HmacSignQuicResetTokenGenerator) both evaluate HMAC-SHA256 with the same JVM-wide static key (io.netty.handler.codec.quic.Hmac).\n\nDuring source CID rotation (QuicheQuicChannel.newSourceConnectionIds), the current server source CID C is used as input to produce the next CID N. The stateless reset token for C is defined over HMAC(K, C), specifically the first 16 bytes. The next CID N is the first L bytes of the same digest, where L = |C|.\n\nWhenever L \u2265 16, the first 16 bytes of N are exactly the stateless reset token for C. Because N is carried in QUIC headers as a connection ID, an observer can read the headers and learn the reset token without decrypting the payload.\n\nThis directly violates RFC 9000\nhttps://datatracker.ietf.org/doc/html/rfc9000#name-calculating-a-stateless-res: `The stateless reset token MUST be difficult to guess.`\nAdditionally https://datatracker.ietf.org/doc/html/rfc9000#name-stateless-reset-oracle\n\n### Impact\nInformation Disclosure and Denial of Service. An on-path attacker can obtain the stateless reset token from the connection ID header and attempt to abruptly close the client side of the connection by sending a spoofed Stateless Reset datagram.",
  "id": "GHSA-cq4q-cv5g-r8q5",
  "modified": "2026-06-15T20:44:20Z",
  "published": "2026-06-15T20:44:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50009"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Netty: QUIC stateless reset token material exposed through header-visible connection IDs"
}

GHSA-CQ94-QF6Q-MF2H

Vulnerability from github – Published: 2018-07-16 16:50 – Updated: 2024-10-14 15:36
VLAI
Summary
Pysaml2 improperly initializes encryption vector
Details

Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pysaml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1000246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:32:20Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.",
  "id": "GHSA-cq94-qf6q-mf2h",
  "modified": "2024-10-14T15:36:52Z",
  "published": "2018-07-16T16:50:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rohe/pysaml2/issues/417"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IdentityPython/pysaml2/pull/519/commits/7323f5c20efb59424d853c822e7a26d1aa3e84aa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-26.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rohe/pysaml2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Pysaml2 improperly initializes encryption vector"
}

GHSA-CQJ4-PH2F-7Q79

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-22T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.",
  "id": "GHSA-cqj4-ph2f-7q79",
  "modified": "2022-05-13T01:38:26Z",
  "published": "2022-05-13T01:38:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0897"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/215890"
    },
    {
      "type": "WEB",
      "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
    },
    {
      "type": "WEB",
      "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
    },
    {
      "type": "WEB",
      "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99242"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRJP-2PP7-RCHG

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.",
  "id": "GHSA-crjp-2pp7-rchg",
  "modified": "2022-04-19T00:01:13Z",
  "published": "2022-04-12T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27577"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWXP-H4PJ-WVP5

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:34
VLAI
Details

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-16T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.",
  "id": "GHSA-cwxp-h4pj-wvp5",
  "modified": "2024-04-04T05:34:28Z",
  "published": "2023-07-06T19:24:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26080"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4VP-F6H9-8CX8

Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2023-06-30 21:30
VLAI
Details

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209",
      "CWE-326",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-16T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.",
  "id": "GHSA-f4vp-f6h9-8cx8",
  "modified": "2023-06-30T21:30:18Z",
  "published": "2022-02-17T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26726"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726"
    },
    {
      "type": "WEB",
      "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.