

Severity
High
Analysis Summary
CVE-2024-38097 CVSS:7.1
Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system because of an error in the Monitor Agent component.
CVE-2024-38179 CVSS:8.8
Microsoft Azure Stack Hyperconverged Infrastructure (HCI) could allow a local authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to gain the privileges of the compromised managed identity.
CVE-2024-43602 CVSS:9.9
Microsoft Azure CycleCloud could allow a remote attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2024-43613 CVSS:7.2
Microsoft Azure Database for PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.
CVE-2024-49042 CVSS:7.2
Microsoft Azure Database for PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.
CVE-2024-43591 CVSS:8.7
Microsoft Azure could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Command Line Integration (CLI) component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-38097
- CVE-2024-38179
- CVE-2024-43602
- CVE-2024-43613
- CVE-2024-49042
- CVE-2024-43591
Affected Vendors
Affected Products
- Microsoft Azure Service Connector
- Microsoft Azure CycleCloud 8.0.0 - 8.0.0
- Microsoft Azure Monitor - 1.0.0
- Microsoft Azure Stack HCI - 20349.2700
- Microsoft Azure Stack HCI - 10.2408.1.9
- Microsoft Azure CycleCloud - 8.6.3
- Microsoft Azure CycleCloud - 8.6.4
- Microsoft Azure CycleCloud 8.0.1 - 8.0.0
- Microsoft Azure Database for PostgreSQL Flexible Server - 16.4.0
- Microsoft Azure Database for PostgreSQL Flexible Server - 15.8
- Microsoft Azure Database for PostgreSQL Flexible Server - 14.13
- Microsoft Azure Database for PostgreSQL Flexible Server - 13.16
- Microsoft Azure Database for PostgreSQL Flexible Server - 12.20
- Microsoft Azure CLI - 2.0.0
- Microsoft Azure Service Connector - 0.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.