Archive for category Vulnerabilities

Rewterz Threat Advisory – CVE-2019-16028 – Cisco Firepower Management Center

Severity

High

Analysis Summary

The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.

Impact

Authentication Bypass

Affected Vendors

Cisco

Affected Products

Cisco FMC Software

Remediation

Please refer to the vendor’s advisory for the list of affected products and patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth


Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution

Severity

High

Analysis Summary

The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.

Impact

Privilege Escalation

Affected Vendors

Cisco

Affected Products

  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 5500 Platform Switches
  • Cisco Nexus 5600 Platform Switches
  • Cisco Nexus 6000 Series Switches
  • Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • Cisco Nexus 9000 Series Switches in standalone NX-OS mode

Remediation

Please refer to the vendor’s advisory for the list of patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce


Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 1543-1

Severity

High

Analysis Summary

CVE-2019-12815

An arbitrary file copy vulnerability in mod_copy of the embedded FTP server allows for remote code execution and information disclosure without authentication.

CVE-2019-18217

Incorrect handling of overly long commands in the embedded FTP server allows an attacker to cause a denial-of-service condition by entering an infinite loop.

Impact

  • Remote code execution
  • Information disclosure without authentication
  • Denial of service

Affected Vendors

Siemens

Affected Products

SIMATIC CP 1543-1 all versions starting at 2.0 and prior to 2.2

Remediation

Update to the latest version, 2.2.


Rewterz Threat Advisory – ICS: Synergy Systems & Solutions HUSKY RTU

Severity

High

Analysis Summary

CVE-2019-20045

Specially crafted malicious packets could cause disconnection of active authentic connections or a reboot of the device.

CVE-2019-20046 

The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code.

Impact

  • Read sensitive information
  • Execute arbitrary code
  • Denial-of-service

Affected Vendors

Synergy Systems & Solutions (SSS)

Affected Products

HUSKY RTU 6049-E70 with firmware Versions 5.0 and prior

Remediation

Upgrade to firmware Version 5.1.2 or higher.


Rewterz Threat Advisory – Adobe Releases Security Updates Fixing over 40 Vulnerabilities in Different Products

Severity

High

Analysis Summary

This update fixes twenty-one vulnerabilities in Adobe Framemaker.

| Vulnerability Category | Severity | CVE Numbers |
|---|---|---|
| Buffer Error | Critical | CVE-2020-3734 |
| Heap Overflow | Critical | CVE-2020-3731, CVE-2020-3735 |
| Memory Corruption | Critical | CVE-2020-3739, CVE-2020-3740 |
| Out-of-Bounds Write | Critical | CVE-2020-3720, CVE-2020-3721, CVE-2020-3722, CVE-2020-3723, CVE-2020-3724, CVE-2020-3725, CVE-2020-3726, CVE-2020-3727, CVE-2020-3728, CVE-2020-3729, CVE-2020-3730, CVE-2020-3732, CVE-2020-3733, CVE-2020-3736, CVE-2020-3737, CVE-2020-3738 |

This update resolved seventeen vulnerabilities in Adobe Acrobat and Reader.

| Vulnerability Category | Severity | CVE Number |
|---|---|---|
| Out-of-Bounds Read | Important | CVE-2020-3744, CVE-2020-3747, CVE-2020-3755 |
| Heap Overflow | Critical | CVE-2020-3742 |
| Buffer Error | Critical | CVE-2020-3752, CVE-2020-3754 |
| Use After Free | Critical | CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751 |
| Stack exhaustion | Moderate | CVE-2020-3753, CVE-2020-3756 |
| Privilege Escalation | Critical | CVE-2020-3762, CVE-2020-3763 |

A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.

| Vulnerability Category | Severity | CVE Number |
|---|---|---|
| Type Confusion | Critical | CVE-2020-3757 |

Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.

| Vulnerability Category | Severity | CVE Numbers |
|---|---|---|
| Buffer Errors | Important | CVE-2020-3759 |
| Command Injection | Critical | CVE-2020-3760 |

Adobe fixes a denial of service vulnerability in Adobe Experience Manager.

| Vulnerability Category | Severity | CVE Number |
|---|---|---|
| Uncontrolled Resource Consumption | Important | CVE-2020-3741 |

Impact

  • Denial of Service
  • Information Disclosure
  • Arbitrary code execution
  • Memory Leak

Affected Vendors

Adobe

Affected Products

  • Adobe Framemaker 2019.0.4 and below
  • Acrobat DC & Acrobat Reader DC 2019.021.20061 and earlier versions for Windows & macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.321 and earlier for Windows and macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.314 and earlier for Linux
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.255 and earlier for Windows 10 and 8.1
  • Adobe Digital Editions 4.5.10 and below for Windows
  • Adobe Experience Manager 6.5 and 6.4 for all platforms
  • Acrobat & Acrobat Reader 2015.006.30508 and earlier versions for Windows & macOS
  • Acrobat for Windows 2017 & Acrobat Reader for MacOS 2017 2017.011.30156 and earlier versions
  • Adobe Flash Player for Google Chrome 32.0.0.321 and earlier for Windows macOS Linux and Chrome OS

Remediation

Apply the following updates:

  • Adobe Framemaker 2019.0.5
  • The latest version of Adobe Acrobat and Reader.
  • Adobe Flash Player 32.0.0.330
  • Adobe Digital Editions 4.5.11
  • Latest version of Adobe Experience Manager


Rewterz Threat Advisory – ICS: CVE-2019-10923 – Siemens Industrial Real-Time (IRT) Devices Improper Input Validation Vulnerability

Severity

High

Analysis Summary

Updates have been released for a vulnerability in Siemens Industrial Real-time Devices. The vulnerability is exploitable remotely with a low skill level required to exploit it. It’s an improper input validation vulnerability. An attacker sending a specially crafted packet could break the real-time synchronization of the affected installation, which may cause a denial-of-service condition.
CVE-2019-10923 has been assigned to this vulnerability.

Impact

Denial-of-service

Affected Vendors

Siemens

Affected Products

  • CP1604/CP1616: All versions prior to 2.8
  • Development/Evaluation Kits for PROFINET IO
  • DK Standard Ethernet Controller: All versions prior to 4.1.1 Patch 05
  • EK-ERTEC 200: All versions prior to 4.5.0 Patch 01
  • EK-ERTEC 200P: All versions prior to 4.5.0
  • SCALANCE X-200IRT: All versions prior to 5.2.1
  • SIMATIC ET 200M: All versions
  • SIMATIC ET 200S: All versions
  • SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0): All versions
  • SIMATIC ET 200pro: All versions
  • SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0: All versions
  • SIMATIC S7-300 CPU family (incl. F): All versions
  • SIMATIC S7-400 (incl. F) v6 and below: All versions
  • SIMATIC S7-400 PN/DP v7 (incl. F): All versions
  • SIMATIC WinAC RTX (F) 2010: All versions prior to SP3
  • SIMOTION: All versions
  • SINAMICS DCM: All versions prior to 1.5 HF1
  • SINAMICS DCP: All versions prior to 1.3
  • SINAMICS G110M v4.7 (Control Unit): All versions prior to 4.7 SP10 HF5
  • SINAMICS G120 v4.7 (Control Unit): All versions prior to 4.7 SP10 HF5
  • SINAMICS G130 v4.7 (Control Unit): All versions prior to 4.7 HF29
  • SINAMICS G150 (Control Unit): All versions prior to 4.8
  • SINAMICS GH150 v4.7 (Control Unit): All versions
  • SINAMICS GL150 v4.7 (Control Unit): All versions
  • SINAMICS GM150 v4.7 (Control Unit): All versions
  • SINAMICS S110 (Control Unit): All versions
  • SINAMICS S120 v4.7 (Control Unit and CBE20): All versions prior to 4.7 HF34
  • SINAMICS S150 (Control Unit): All versions prior to 4.8
  • SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): All versions prior to 5.2.1
  • SIMATIC ET 200M (incl. SIPLUS variants): All versions
  • SIMATIC ET 200S (incl. SIPLUS variants): All versions
  • SIMATIC ET 200pro (incl. SIPLUS variants): All versions
  • SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions
  • SIMATIC S7-400 (incl. F) v6 and below CPU family (incl. SIPLUS variants): All versions
  • SIMATIC S7-400 PN/DP v7 CPU family (incl. SIPLUS variants): All versions
  • SIMOTION (incl. SIPLUS variants): All versions
  • SINAMICS G120 v4.7 Control Unit (incl. SIPLUS variants): All versions prior to 4.7 SP10 HF5
  • SINAMICS S120 v4.7 Control Unit and CBE20 (incl. SIPLUS variants): All versions prior to 4.7 HF34
  • SINAMICS SL150 v4.7 (Control Unit): All versions prior to 4.7 HF33
  • SINAMICS SL150 v4.7 (Control Unit): All versions
  • SINAMICS SM120 v4.7 (Control Unit): All versions
  • SINUMERIK 828D: All versions prior to 4.8 SP5
  • SINUMERIK 840D sl: All versions

Remediation

The following updates are available.

  • CP1604/CP1616: Update to v2.8
  • Development/Evaluation Kits for PROFINET IO:
  • DK Standard Ethernet Controller: Update to v4.1.1 Patch 05
  • EK-ERTEC 200: Update to v4.5.0 Patch 01
  • EK-ERTEC 200P: Update to v4.5.0
  • SCALANCE X-200IRT: Update to v5.4.2
  • SIMATIC WinAC RTX (F) 2010: Update to SP3, apply BIOS and Microsoft Windows updates
  • SINAMICS DCM: Update to v1.5 HF1
  • SINAMICS G110M v4.7 (Control Unit): Update to v4.7 SP10 HF5
  • SINAMICS G120 v4.7 (Control Unit): Update to v4.7 SP10 HF5
  • SINAMICS G130 v4.7 (Control Unit): Update to v4.7 HF29 or upgrade to v5.2 HF2
  • SINAMICS S120 v4.7 (Control Unit and CBE20): Update to v4.7 HF34 or upgrade to v5.2 HF2
  • SINAMICS DCP: Upgrade to v1.3

The following updates can be obtained from a Siemens representative or via Siemens customer service.

  • SINAMICS GH150 v4.7 (Control Unit): Upgrade to v4.8 SP2 HF9
  • SINAMICS GL150 v4.7 (Control Unit): Upgrade to v4.8 SP2 HF9
  • SINAMICS GM150 v4.7 (Control Unit): Upgrade to v4.8 SP2 HF9
  • SINUMERIK 828D: Update to v4.8 SP5
  • SINAMICS SL150 v4.7 (Control Unit): Update to v4.7 HF33

Additionally,

  • Restrict network access to Port 161/TCP of the affected product.
  • Disable SNMP in Versions 1 and 2c, if supported by the product.
  • Enable SNMP v3 if required and supported by the product to restrict the vulnerability to authenticated users.
  • Enable access protection and change default credentials for SNMP service, if possible.
