Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication.
A vulnerability of authentication bypass has been found in Zebra Technologies ZTC Industrial ZT410 and ZTC Desktop GK420d.
For this vulnerability to be exploitable, the printer's protected mode must be disabled.
CVE-2023-4957 has been assigned to this vulnerability.
A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is.
MITIGATIONS. Zebra printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability.
Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates.
By default, the secure mode is disabled as it is necessary to generate a password first.
The service and support discontinuation dates are in September and December, 2025, depending on region.
The service and support discontinuation date is April 30, 2025.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Gov/ics in the technical information paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

This Cyber News was published on www.cisa.gov. Publication date: Tue, 05 Dec 2023 16:10:28 +0000

Cyber News related to Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov CVE-2023-4957

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com

Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
1 year ago Feedpress.me

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2024-54092 - A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 ...
5 months ago

CVE-2024-3125 - A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The ...
1 year ago Tenable.com

Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security - PRESS RELEASE. FOXBOROUGH, Mass. , Jan. 3, 2024 /PRNewswire/ - Industrial Defender, the leading provider of OT asset data and cybersecurity solutions for industrial organizations, is excited to announce the launch of the Industrial Defender Risk ...
1 year ago Darkreading.com

Hackers Attacking Industrial Automation Systems With 11,600+ Malware Families - Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. Securelist ...
3 months ago Cybersecuritynews.com

Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com LockBit

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network - These Remote Desktop vulnerabilities were among 72 flaws addressed in Microsoft’s May Patch Tuesday, which also fixed five actively exploited zero-day vulnerabilities, including issues in Windows DWM Core Library, Windows Common Log File System ...
3 months ago Cybersecuritynews.com CVE-2025-29966

Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files - xfce_desktop_window” (behavior_processes:” ; or (behavior_processes:”http” behavior_processes:”.pdf”))Expands detection by combining XFCE environment detection with behaviors involving Google Drive or other ...
3 months ago Cybersecuritynews.com

Cisco wins Manufacturing Solution of the Year award for integrating industrial security with networking - Industrial security can be a complex undertaking, and yet OT security is quintessential for modern Industrial IoT operations. IIoT systems generally contain a variety of interconnected systems and technologies, each with its own security needs. Some ...
1 year ago Feedpress.me Patchwork

CVE-2017-3180 - Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an ...
5 years ago

E80 Group secures its AGVs with Cisco industrial solutions and Italtel system integration - These are the conditions for which E80 Group, an Italian multinational, based in Viano, Italy, builds its autonomous and laser guided vehicles that can move around a facility, transport materials, and interact with other machines and systems in ...
1 year ago Feedpress.me

Digitizing the Physical World: Insights from Cisco Live Melbourne and the Industrial IoT Industry Summit - A few weeks ago, I attended Cisco Live Melbourne, and it was truly a pleasure to meet and connect with leaders, gain knowledge from customers, and hear speakers from various sectors. I had the wonderful opportunity to speak in an Innovation Talk ...
1 year ago Feedpress.me

ICS Advisory (ICSA-25-238-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-238-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363

Industrial Defender Risk Signal integrates threat intelligence and business context - Industrial Defender introduced Industrial Defender Risk Signal, its new risk-based vulnerability management solution. Building upon the company's robust vulnerability assessment capabilities, Industrial Defender Risk Signal intelligently prioritizes ...
1 year ago Helpnetsecurity.com

GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
2 years ago Hackread.com

Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213

CVE-2021-21381 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an ...
1 year ago

CVE-2019-10960 - Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be ...
4 years ago

From security to AI: factors that are driving industrial networking investment - Cisco Blogs - Making this point, the paper mentions, “Customers need to connect and protect their industrial assets with solutions that enable the convergence of networking and security, simplify and standardize network management, and leverage software ...
11 months ago Feedpress.me Patchwork

CVE-2023-4957 - A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by ...
1 year ago

Overcoming Technical Barriers in Desktop and Application Virtualization - As organizations increasingly embrace remote and hybrid work, desktop and application virtualization have become essential strategies for ensuring flexibility, scalability, and security. TruGrid SecureRDP provides a secure, scalable, and ...
2 months ago Bleepingcomputer.com

GE Historian Software Vulnerabilities Can be Exploited by Hackers - Hackers now have the capability to exploit vulnerabilities in General Electric’s (GE) Historian software. Such vulnerabilities could potentially be utilized for industrial espionage, disruption, or other malicious activities. The GE Historian ...
2 years ago Securityweek.com

CVE-2024-2637 - An authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software's. An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R ...
1 year ago Tenable.com