

Severity
High
Analysis Summary
CVE-2024-28974 CVSS:7.6
Dell Data Protection Advisor is vulnerable to a denial of service caused by inadequate encryption strength. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-29170 CVSS:8.1
Dell PowerScale OneFS could allow a local authenticated attacker to obtain sensitive information, caused by the use of hard-coded credentials. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain network traffic information or cause a denial of service condition.
CVE-2024-22429 CVSS:8.1
Dell PowerScale OneFS could allow a local authenticated attacker to obtain sensitive information, caused by the use of hard-coded credentials. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain network traffic information or cause a denial of service condition.
CVE-2024-28970 CVSS:7.4
Dell Client BIOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-32858 CVSS:7.5
Dell CPG BIOS could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-32859 CVSS:7.5
Dell CPG BIOS could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Obtain Information
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-28974
- CVE-2024-29170
- CVE-2024-22429
- CVE-2024-28970
- CVE-2024-32858
- CVE-2024-32859
Affected Vendors
- Dell
Affected Products
- Dell PowerScale OneFS 8.2
- Dell CPG BIOS
- Dell Data Protection Advisor 19.9
- Dell PowerScale OneFS 9.8
Remediation
Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.