Posted by Web Editor in Rewterz News, Threats on June 28th, 2019
Severity
Medium
Analysis Summary
A malware sample was recovered from the recent compromise of a North American hospitality merchant and identified as a variant of the Alina Point-of-Sale (POS) malware family. Alina dates back to at least 2013 and is one of many malware strains that carries a Random Access Memory (RAM) scraper, a component specifically designed to steal payment account information from the memory, or RAM, of the targeted system.
Impact
Exposure of sensitive information
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)
Remediation
Block all threat indicators at your respective controls.
Posted by Web Editor in Rewterz News, Threats on June 28th, 2019
Severity
Medium
Analysis Summary
Several phishing campaigns lead to Trickbot; in these campaigns the attackers base64-encode the malicious documents and deliver them as HTML attachments.
Impact
Exposure of sensitive information
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)
Remediation
Posted by Web Editor in Rewterz News, Vulnerabilities on June 28th, 2019
Severity
High
Analysis Summary
CVE-2019-10995, CVE-2019-7225
The ABB CP651 HMI component implements hidden administrative accounts that are used during the provisioning phase of the HMI interface.
Impact
Unauthorized system access
Affected Vendors
ABB
Affected Products
CP651 HMI
Remediation
The vendor recommends applying the update.
Posted by Web Editor in Rewterz News, Vulnerabilities on June 28th, 2019
Severity
High
Analysis Summary
The affected firmware versions contain a hard-coded customer account password.
Impact
Affected Vendors
SICK
Affected Products
MSC800
Remediation
The vendor recommends that affected users upgrade to the latest firmware version (v4.0).
Posted by Web Editor in Rewterz News, Vulnerabilities on June 28th, 2019
Severity
High
Analysis Summary
CVE-2019-7225
The ABB CP635 HMI component implements hidden administrative accounts used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool “Panel Builder 600” to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials.
CVE-2019-7226
The IDAL HTTP server CGI interface contains a URL which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions.
CVE-2019-7227
The IDAL FTP server fails to ensure directory change requests do not change to locations outside of the root FTP directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory.
CVE-2019-7228
The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.
CVE-2019-7230
The IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.
CVE-2019-7232
The IDAL HTTP server is vulnerable to a stack-based buffer overflow when a large Host header is sent in an HTTP request. The Host header value overflows a buffer and can overwrite the Structured Exception Handler (SEH) address with a large chunk of data.
CVE-2019-7231
The IDAL FTP server is vulnerable to a buffer overflow when a large string is sent by an authenticated attacker. This overflow is handled, but terminates the process.
Impact
Affected Vendors
ABB
Affected Products
PB610 Panel Builder 600
Update to version
Posted by Web Editor in Rewterz News, Vulnerabilities on June 28th, 2019
Severity
High
Analysis Summary
CVE-2019-10985
A path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
CVE-2019-10991
Multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10989
Multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10983
An out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
CVE-2019-10987
Multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10993
Multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
Impact
Affected Vendors
Advantech
Affected Products
WebAccess/SCADA
Remediation
Advantech has released Version 8.4.1 of WebAccess/SCADA to address the reported vulnerabilities.
https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download
Copyright © Rewterz. All rights reserved.