CyberSecurityBoard
Sponsor Register Login

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication.
A vulnerability of authentication bypass has been found in Zebra Technologies ZTC Industrial ZT410 and ZTC Desktop GK420d.
For this vulnerability to be exploitable, the printer's protected mode must be disabled.
CVE-2023-4957 has been assigned to this vulnerability.
A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is.
MITIGATIONS. Zebra printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability.
Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates.
By default, the secure mode is disabled as it is necessary to generate a password first.
The service and support discontinuation dates are in September and December, 2025, depending on region.
The service and support discontinuation date is April 30, 2025.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Gov/ics in the technical information paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Tue, 05 Dec 2023 16:10:28 +0000


Cyber News related to Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov
The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com
Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
11 months ago Feedpress.me
CVE-2024-3125 - A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The ...
8 months ago Tenable.com
Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security - PRESS RELEASE. FOXBOROUGH, Mass. , Jan. 3, 2024 /PRNewswire/ - Industrial Defender, the leading provider of OT asset data and cybersecurity solutions for industrial organizations, is excited to announce the launch of the Industrial Defender Risk ...
11 months ago Darkreading.com
Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com
Cisco wins Manufacturing Solution of the Year award for integrating industrial security with networking - Industrial security can be a complex undertaking, and yet OT security is quintessential for modern Industrial IoT operations. IIoT systems generally contain a variety of interconnected systems and technologies, each with its own security needs. Some ...
11 months ago Feedpress.me
CVE-2017-3180 - Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an ...
5 years ago
E80 Group secures its AGVs with Cisco industrial solutions and Italtel system integration - These are the conditions for which E80 Group, an Italian multinational, based in Viano, Italy, builds its autonomous and laser guided vehicles that can move around a facility, transport materials, and interact with other machines and systems in ...
6 months ago Feedpress.me
Digitizing the Physical World: Insights from Cisco Live Melbourne and the Industrial IoT Industry Summit - A few weeks ago, I attended Cisco Live Melbourne, and it was truly a pleasure to meet and connect with leaders, gain knowledge from customers, and hear speakers from various sectors. I had the wonderful opportunity to speak in an Innovation Talk ...
11 months ago Feedpress.me
Industrial Defender Risk Signal integrates threat intelligence and business context - Industrial Defender introduced Industrial Defender Risk Signal, its new risk-based vulnerability management solution. Building upon the company's robust vulnerability assessment capabilities, Industrial Defender Risk Signal intelligently prioritizes ...
11 months ago Helpnetsecurity.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
1 year ago Hackread.com
CVE-2019-10960 - Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be ...
4 years ago
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com
CVE-2021-21381 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an ...
11 months ago
CVE-2023-4957 - A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by ...
1 year ago
From security to AI: factors that are driving industrial networking investment - Cisco Blogs - Making this point, the paper mentions, “Customers need to connect and protect their industrial assets with solutions that enable the convergence of networking and security, simplify and standardize network management, and leverage software ...
2 months ago Feedpress.me
GE Historian Software Vulnerabilities Can be Exploited by Hackers - Hackers now have the capability to exploit vulnerabilities in General Electric’s (GE) Historian software. Such vulnerabilities could potentially be utilized for industrial espionage, disruption, or other malicious activities. The GE Historian ...
1 year ago Securityweek.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
1 year ago Packetstormsecurity.com
CVE-2018-2834 - Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 12.2.4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon ...
5 years ago
CVE-2024-2637 - An authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software's. An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R ...
7 months ago Tenable.com
CVE-2020-3588 - A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop ...
4 years ago
Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments - PRESS RELEASE. CAMBRIDGE, England, Jan. 24, 2024 /PRNewswire/ - Darktrace, a global leader in cyber security AI, and Garland Technology, a leading manufacturer of network TAP, aggregator, packet broker, data diode and inline bypass solutions, today ...
10 months ago Darkreading.com
Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com
Review: Engineering-grade OT security: A manager's guide - Rew Ginter is a widely-read author on industrial security and a trusted advisor for industrial enterprises. He holds a BSc. in Applied Mathematics and an MSc. in Computer Science from the University of Calgary. He developed control system software ...
11 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)