All news with #integer overflow tag

⚠️ Dover Fueling Solutions disclosed critical vulnerabilities in its ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate tank monitors that may be exploited remotely. Identified issues include an integer overflow (CVE-2025-55068), a hard-coded cryptographic signing key (CVE-2025-54807), and non‑changeable weak default root credentials (CVE-2025-30519), with ratings up to CVSS v4 9.3. Affected firmware must be updated to 4.20.3 for LX4/LX4 Plus or 5.20.3 for LX4 Ultimate; operators are urged to minimize network exposure and place devices behind firewalls.

🔔 Siemens ProductCERT and CISA report multiple integer overflow vulnerabilities (CVE-2021-41990, CVE-2021-41991) affecting a broad set of SIMATIC NET CP, SINEMA and SCALANCE devices. Exploitation can cause denial-of-service by triggering integer wraparound; remote code execution is considered unlikely. Siemens provides firmware fixes and workarounds; operators should apply vendor updates, restrict network exposure and follow Siemens operational security guidance.