Skip to main content

Industrial HiVision 08.1.01 was released - News / Software Products - Hirschmann Support Center

APR 3 2020

Industrial HiVision 08.1.01 was released

Security Vulnerability Corrected in version 08.1.01

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

VulnerabilityDescription
Java CVE-2020-2583Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service                 (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2020-2590Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful                 attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE,                 Java SE Embedded accessible data.
Java CVE-2020-2593Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of                 Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE                 Embedded accessible data.
Java CVE-2020-2601Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While                 the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.                 Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access                 to all Java SE, Java SE Embedded accessible data.
Java CVE-2020-2604Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.
Java CVE-2020-2654Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported                 versions that are affected is Java SE. Difficult to exploit    vulnerability allows unauthenticated attacker with                 network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result                 in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.
Java CVE-2020-2659Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability    allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service                 (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2020-8840FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated                 by org.apache.xbean.propertyeditor.JndiConverter.
Java CVE-2020-9546FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
Java CVE-2020-9547FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Java CVE-2020-9548FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Java CVE-2019-20330FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

    

 

New features in version 08.1.01

                     

  • Port Generation, When you create a new PSM, you can now use port mapping to control how the ports are  displayed in Industrial HiVision.                

       

Issues fixed in version 08.1.01

   

  • You can find the problems, workarounds and fixes related to this release in the issue list