Archive for category Vulnerabilities

Rewterz Threat Advisory – CVE-2019-0330 – SAP Diagnostic Agent OS Command Injection Vulnerability

Severity

High

Analysis Summary

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Impact

Privilege access

Affected Vendors

SAP

Affected Products

SAP Diagnostic Agent (LM-Service) version 7.2

Remediation

Apply SAP Note 2808158.


Rewterz Threat Advisory – CVE-2019-6827 – Schneider Electric Interactive Graphical SCADA System

Severity

Medium

Analysis Summary

An out-of-bounds vulnerability exists that could be exploited when the application processes a specially crafted project file. Exploitation could cause a software crash when data in the mdb database is manipulated, or allow code execution.

Impact

Arbitrary code execution

Affected Vendors

Schneider Electric

Affected Products

Interactive Graphical SCADA System (IGSS)

Remediation

Schneider Electric recommends upgrading to Version 13.0.0.19140 or 14.0.0.19120.

http://igss.schneider-electric.com/products/igss/download/licensed-versions.aspx


Rewterz Threat Advisory – Siemens SIMATIC RF6XXR Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2011-3389

The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which may allow a man-in-the-middle attacker to obtain plaintext HTTP headers.

CVE-2016-6329

Long-duration TLS sessions used with a 64-bit block cipher may allow remote attackers to obtain cleartext data.

CVE-2013-0169

Outdated versions of TLS and DTLS allow statistical analysis of timing data for crafted packets, which may allow remote attackers to conduct distinguishing and plaintext-recovery attacks.

Impact

Improper Input Validation

Affected Vendors

Siemens

Affected Products

  • Siemens RF615R
  • Siemens RF68XR

Remediation

Siemens recommends users upgrade to Version 3.2.1 or newer for both affected products.


Rewterz Threat Advisory – CVE-2019-10915 – Siemens TIA Administrator (TIA Portal) Improper Access Control Vulnerability

Severity

High

Analysis Summary

The integrated configuration web application (TIA Administrator) may allow an attacker to execute certain application commands without proper authentication.

Impact

Improper Access Control

Affected Vendors

Siemens

Affected Products

TIA Administrator (TIA Portal)

Remediation

Siemens recommends that users update to v1.0 or later:

update to v1.0 SP1 Upd1 or later


Rewterz Threat Advisory – CVE-2019-10935 – Siemens SIMATIC WinCC and PCS7 Information Disclosure Vulnerability

Severity

Medium

Analysis Summary

The SIMATIC WinCC DataMonitor web application of the affected products allows an authenticated user with network access to the WinCC DataMonitor application to upload arbitrary ASPX code.
Successful exploitation requires no user interaction and may impact the confidentiality, integrity, and availability of the affected device. The vulnerability is relevant only in situations where an attacker has access via the web interface but not to the directory structure.

Impact

Exposure of sensitive information

Affected Vendors

Siemens

Affected Products

  • SIMATIC WinCC and SIMATIC PCS7
  • SIMATIC PCS 7 v8.0: all versions
  • SIMATIC PCS 7 v8.1: all versions
  • SIMATIC PCS 7 v8.2: all versions prior to v8.2 SP1 with WinCC v7.4 SP1 Upd 11
  • SIMATIC PCS 7 v9.0: all versions prior to v9.0 SP2 with WinCC v7.4 SP1 Upd 11
  • SIMATIC WinCC Professional (TIA Portal v13): all versions
  • SIMATIC WinCC Professional (TIA Portal v14): all versions
  • SIMATIC WinCC Professional (TIA Portal v15): all versions
  • SIMATIC WinCC Runtime Professional v13: all versions
  • SIMATIC WinCC Runtime Professional v14: all versions
  • SIMATIC WinCC Runtime Professional v15: all versions
  • SIMATIC WinCC v7.2 and earlier: all versions
  • SIMATIC WinCC v7.3: all versions
  • SIMATIC WinCC v7.4: all versions prior to v7.4 SP1 Upd 11
  • SIMATIC WinCC v7.5: all versions prior to v7.5 Upd 3

Remediation

Siemens currently has updates for the following products:

SIMATIC PCS 7 v8.2: Update WinCC to v7.4 SP1 Upd 11
SIMATIC PCS 7 v9.0: Update WinCC to v7.4 SP1 Upd 11
SIMATIC WinCC v7.4: Update WinCC to v7.4 SP1 Upd 11
SIMATIC WinCC v7.5: Update WinCC to v7.5 Upd 3


Rewterz Threat Advisory – Delta Industrial Automation CNCSoft ScreenEditor Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-10982

Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.

CVE-2019-10992

Multiple out-of-bounds read vulnerabilities may cause information disclosure due to a lack of user input validation when processing project files.

Impact

  • Execution of arbitrary code
  • Information disclosure

Affected Vendors

Delta Electronics

Affected Products

CNCSoft ScreenEditor

Remediation

The vendor recommends updating to the latest version:

latest version of ScreenEditor, Version 1.00.94



