embedded security

An out-of-bounds memcpy in U-Boot’s NFS code left development and diskless systems open to remote compromise — a subtle, high‑impact bug tracked as CVE‑2019‑14194 that illustrates how a single failed length check in bootloader networking code can translate into full system compromise. The...

Das U-Boot shipped a high‑severity network‑facing vulnerability—tracked as CVE‑2019‑14202—that left embedded devices and boot‑time network stacks open to a stack‑based buffer overflow in the NFS reply parsing code, and the flaw demanded immediate attention from device vendors, integrators, and...

Das U-Boot's DHCP code contains a subtle but dangerous buffer overread that has been tracked as CVE-2024-42040: an attacker on the local or adjacent network can feed crafted DHCP responses that cause net/bootp.c to copy memory beyond the received packet, leaking between 4 and 32 bytes of host...

CVE-2025-13912 is a timing‑side‑channel concern in wolfSSL where compiler optimizations (notably from Clang/LLVM toolchains) can transform carefully written constant‑time C code into binaries whose runtime varies with secret data — a behavior that undermines cryptographic assumptions and was...

The newly disclosed U‑Boot vulnerability tracked as CVE‑2025‑24857 is a bootloader‑level weakness that raises material risk for embedded devices and network appliances that rely on U‑Boot for early platform initialization. The advisory published via CISA (ICSA‑25‑343‑01) describes an Improper...

BusyBox’s wget client contains a parsing flaw that lets specially crafted URLs embed raw control characters and even space characters in the HTTP request-target (path/query), allowing the HTTP request-line to be split and attacker-controlled headers to be injected — a vulnerability tracked as...

A recently disclosed vulnerability in wolfSSL’s XChaCha20‑Poly1305 implementation—tracked as CVE‑2025‑11931—can trigger an integer underflow that leads to an out‑of‑bounds memory access when an application calls the library’s direct decrypt API. wolfSSL published a rapid fix and incorporated the...

Siemens’s RUGGEDCOM CROSSBOW Station Access Controller (SAC) has been identified as vulnerable to multiple memory‑corruption flaws in the embedded SQLite component that—if left unpatched—could allow remote attackers to crash devices or execute arbitrary code; Siemens recommends updating affected...

MyCareLink Patient Monitor, manufactured by Medtronic, has been a central element in remote cardiac patient management, trusted by both physicians and millions of patients across the world. It enables transmission of data from cardiac implants—such as pacemakers or defibrillators—to healthcare...

Rockwell Automation’s FactoryTalk Historian integration with ThingWorx stands as a cornerstone in the rapidly evolving landscape of industrial automation and digital transformation. When headlines broke regarding a critical vulnerability tied to its use of Apache log4net configuration files...

In the rapidly evolving landscape of industrial control systems (ICS), security remains a paramount concern for organizations operating across critical infrastructure sectors. Recently, the cybersecurity community’s attention has turned to a newly disclosed vulnerability affecting the Milesight...

National Instruments LabVIEW: Navigating the Vulnerabilities and Safeguarding Your Systems In the ever-evolving landscape of industrial control systems (ICS) and engineering software tools, security remains paramount. National Instruments LabVIEW, a popular platform used globally for system...

3.0 release adds multi-tenancy, embedded security MokaFive is offering an alternative to the pain and expense of migrating corporate desktops to Windows 7 with with release 3.0 of its virtual desktop infrastructure (VDI) MokaFive Suite.… More...