Archive for category Vulnerabilities

Rewterz Threat Advisory – CVE-2019-13945 – ICS: Undocumented access feature in Siemens SIMATIC PLCs Code Execution Vulnerability

Severity

Medium

Analysis Summary

There is an access mode used during manufacturing of S7-1200 CPUs that exposes additional diagnostic functionality. Using it requires physical access to the UART interface during the boot process.

Impact

Arbitrary code execution

Affected Vendors

Siemens

Affected Products

SIMATIC S7-1200 All versions

Remediation

Apply defense-in-depth as described in Siemens' operational guidelines for industrial security:

https://assets.new.siemens.com/siemens/assets/api/uuid:411e91564a2d259ecd4b6c79b51f89c044b3de81/operational-guidelines-industrial-security-en.pdf


Rewterz Threat Advisory – CVE-2019-13945 – ICS: Siemens S7-1200 CPU

Severity

Medium

Analysis Summary

An attacker with physical access to the UART interface could access additional diagnostic functionality. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system.

Impact

Exposed Dangerous Method or Function

Affected Vendors

Siemens

Affected Products

S7-1200: all versions

Remediation

Siemens recommends the following workarounds and mitigations, which users of the S7-1200 CPU can apply to reduce the risk:

Ensure physical access protection.
Apply Defense-in-Depth.


Rewterz Threat Advisory – CVE-2019-13939 – ICS: Siemens Mentor Nucleus Networking Module

Severity

Medium

Analysis Summary

By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Attackers require adjacent network access to exploit this vulnerability, but do not require authentication or user interaction.
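The advisory does not say which part of the DHCP handling is at fault, so the following is not the Nucleus code and not a description of the Nucleus defect. It is an added example of the defect class the impact line names, improper input validation of DHCP options: a TLV parser that trusts each option's length byte reads past the received data, while the hardened parser checks every length against what actually remains. The packets, the set of length-checked option tags and the error texts are this example's own.

```python
"""Bounds-checked parsing of the DHCP options field.

Added example, not Siemens/Mentor code: it shows the defect class only
(a TLV parser that trusts the per-option length byte).  Layout per RFC 2131/
2132: 236-byte fixed header, 4-byte magic cookie 63 82 53 63, then options
as tag, length, value; PAD (0) and END (255) are single bytes.
The packets at the bottom are constructed for this example.
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
FIXED_HEADER_LEN = 236
# Tags whose length a client should insist on (assumption: a small starter
# set).  An int is an exact length; None means "non-empty multiple of 4".
EXPECTED_LEN = {1: 4, 3: None, 51: 4, 53: 1, 54: 4}


class MalformedDhcp(ValueError):
    pass


def parse_options_unchecked(payload: bytes) -> dict:
    """Weak pattern: trusts the length byte.  A short option silently yields
    a truncated value, and a missing length byte raises IndexError; in C the
    same code would read or copy past the end of the receive buffer."""
    opts, i = {}, 0
    while i < len(payload):
        tag = payload[i]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            i += 1
            continue
        length = payload[i + 1]                      # unchecked
        opts[tag] = payload[i + 2:i + 2 + length]    # may be short
        i += 2 + length
    return opts


def parse_options(payload: bytes) -> dict:
    """Hardened parser: every read is checked against the bytes that remain,
    fixed-size options must match their expected length, and duplicates or a
    missing END record are rejected rather than guessed around."""
    opts, i, n = {}, 0, len(payload)
    while True:
        if i >= n:
            raise MalformedDhcp("options not terminated by END")
        tag = payload[i]
        if tag == OPT_END:
            return opts
        if tag == OPT_PAD:
            i += 1
            continue
        if i + 1 >= n:
            raise MalformedDhcp(f"option {tag} truncated before length byte")
        length = payload[i + 1]
        if i + 2 + length > n:
            raise MalformedDhcp(f"option {tag} claims {length} bytes, "
                                f"only {n - i - 2} remain")
        exp = EXPECTED_LEN.get(tag, -1)
        if exp is None and (length == 0 or length % 4):
            raise MalformedDhcp(f"option {tag} length {length} not a multiple of 4")
        if exp not in (None, -1) and length != exp:
            raise MalformedDhcp(f"option {tag} length {length}, expected {exp}")
        if tag in opts:
            raise MalformedDhcp(f"duplicate option {tag}")
        opts[tag] = payload[i + 2:i + 2 + length]
        i += 2 + length


def parse_dhcp(packet: bytes) -> dict:
    """Locate and parse the options field of a whole DHCP message."""
    if len(packet) < FIXED_HEADER_LEN + 4:
        raise MalformedDhcp("packet shorter than DHCP fixed header")
    if packet[FIXED_HEADER_LEN:FIXED_HEADER_LEN + 4] != MAGIC_COOKIE:
        raise MalformedDhcp("missing DHCP magic cookie")
    return parse_options(packet[FIXED_HEADER_LEN + 4:])


def classify(packet: bytes) -> str:
    """'ok' if the packet parses, otherwise the rejection reason."""
    try:
        parse_dhcp(packet)
        return "ok"
    except MalformedDhcp as e:
        return f"rejected: {e}"


def build_packet(options: bytes) -> bytes:
    """Constructed message: zeroed fixed header + cookie + options."""
    return b"\x00" * FIXED_HEADER_LEN + MAGIC_COOKIE + options


# Constructed samples.  GOOD: message type 2 (OFFER), subnet mask, lease
# time.  BAD: the subnet-mask option claims 200 bytes but 4 are present.
GOOD = build_packet(bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, 51, 4])
                    + struct.pack("!I", 86400) + bytes([OPT_END]))
BAD = build_packet(bytes([53, 1, 2, 1, 200, 255, 255, 255, 0, OPT_END]))

if __name__ == "__main__":
    print("GOOD:", classify(GOOD))
    print("BAD: ", classify(BAD))
    print("unchecked parser on BAD:", parse_options_unchecked(BAD[240:]))
```

Run it and the unchecked parser returns a five-byte "subnet mask" for BAD without complaint, which is exactly the state a fixed-size copy in an embedded stack would turn into an out-of-bounds access; the checked parser rejects the packet with the reason. The same pattern (check the claimed length against the remaining buffer before every read) is the one to look for when reviewing any TLV parser on an adjacent-network service.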

Impact

Improper Input Validation

Affected Vendors

Siemens

Affected Products

Mentor Nucleus Networking Module

Remediation

For the list of affected products, see the vendor's advisory.

https://www.us-cert.gov/ics/advisories/icsa-19-318-01


Rewterz Threat Advisory – CVE-2019-11135 – Intel CPUs Vulnerable to Variant 2 of #ZombieLoad Attack

Severity

Medium

Analysis Summary

Intel's description of CVE-2019-11135: a TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

CVE-2019-11135 is the identifier for TSX Asynchronous Abort (TAA), which the researchers who found it call ZombieLoad Variant 2. It is rooted in Intel's Transactional Synchronization Extensions (TSX), an instruction-set extension designed to improve performance for multi-threaded software: when a transaction aborts asynchronously, data still in flight in the core's internal buffers can be leaked through a side channel to code running on the same physical core. TAA affects every CPU that supports TSX and does not report the TAA_NO bit in the IA32_ARCH_CAPABILITIES MSR (the bit reads 0). That includes parts already hardened against the original MDS attacks, such as Xeon Gold server processors on the Cascade Lake microarchitecture, as well as Core i9 processors on Coffee Lake. TAA itself is an information-disclosure issue: the attacker must already be able to run code locally and gains no privileges from it directly.

Intel's same release also fixes a separate flaw in the Intel Processor Diagnostic Tool. An attacker with access to a system running the tool could exploit it to escalate privileges, obtain information, or cause a denial-of-service (DoS) condition; that flaw, not TAA, accounts for the privilege-escalation and DoS impacts listed below.
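The TAA_NO bit mentioned above is one of three enumeration bits a practitioner checks to know whether a host is exposed. The following added example (not Intel's code) decodes them: IA32_ARCH_CAPABILITIES (MSR 0x10A) bit 4 MDS_NO, bit 7 TSX_CTRL and bit 8 TAA_NO, and IA32_TSX_CTRL (MSR 0x122) bit 0 RTM_DISABLE and bit 1 TSX_CPUID_CLEAR, together with whether CPUID still advertises RTM/HLE. It also maps the verdict Linux publishes in sysfs to the same three states. The sample systems are constructed to show the cases the paragraph names, including a Cascade Lake part that is MDS_NO yet still exposed to TAA until TSX is disabled.

```python
"""Decode the CPU enumeration bits that decide exposure to TSX Asynchronous
Abort (TAA, CVE-2019-11135).

Added example, not Intel's code.  MSR and bit positions follow Intel's
published definitions: IA32_ARCH_CAPABILITIES (MSR 0x10A) bit 4 MDS_NO,
bit 7 TSX_CTRL, bit 8 TAA_NO; IA32_TSX_CTRL (MSR 0x122) bit 0 RTM_DISABLE,
bit 1 TSX_CPUID_CLEAR.  The sample systems at the bottom are constructed.
"""
import os
from typing import Optional

MDS_NO = 1 << 4            # hardware immune to the original MDS variants
TSX_CTRL_PRESENT = 1 << 7  # IA32_TSX_CTRL exists (delivered by microcode)
TAA_NO = 1 << 8            # hardware immune to TAA
RTM_DISABLE = 1 << 0       # IA32_TSX_CTRL: every transaction aborts
TSX_CPUID_CLEAR = 1 << 1   # IA32_TSX_CTRL: hide RTM/HLE from CPUID


def taa_status(arch_caps: int, tsx_ctrl: Optional[int], cpu_flags: str,
               os_clears_buffers: bool = False) -> str:
    """Return 'not affected', 'mitigated' or 'vulnerable' for TAA.

    cpu_flags is the space-separated 'flags' field of /proc/cpuinfo;
    os_clears_buffers says whether the OS issues VERW (MD_CLEAR) on
    privilege transitions, which closes TAA as well as MDS.
    """
    flags = set(cpu_flags.split())
    tsx_enumerated = "rtm" in flags or "hle" in flags
    if arch_caps & TAA_NO:
        return "not affected"            # fixed silicon, TSX may stay on
    if tsx_ctrl is not None and tsx_ctrl & RTM_DISABLE:
        return "mitigated"               # TSX switched off by OS/firmware
    if not tsx_enumerated:
        return "not affected"            # part never had TSX to abuse
    # TSX is live and the hardware is not TAA_NO.  This is the Cascade Lake
    # situation the advisory singles out: MDS_NO may be set, yet TAA works.
    if os_clears_buffers:
        return "mitigated"
    return "vulnerable"


def explain(arch_caps: int) -> str:
    """Human-readable view of the relevant IA32_ARCH_CAPABILITIES bits."""
    return (f"MDS_NO={int(bool(arch_caps & MDS_NO))} "
            f"TSX_CTRL={int(bool(arch_caps & TSX_CTRL_PRESENT))} "
            f"TAA_NO={int(bool(arch_caps & TAA_NO))}")


def sysfs_status(line: str) -> str:
    """Map /sys/devices/system/cpu/vulnerabilities/tsx_async_abort to the
    same three states.  Kernel wording: 'Not affected', 'Vulnerable',
    'Mitigation: TSX disabled', 'Mitigation: Clear CPU buffers; ...'."""
    text = line.strip().lower()
    if text.startswith("not affected"):
        return "not affected"
    if text.startswith("mitigation:"):
        return "mitigated"
    return "vulnerable"


def live_status() -> Optional[str]:
    """Read the kernel's verdict on this host, if running on Linux."""
    path = "/sys/devices/system/cpu/vulnerabilities/tsx_async_abort"
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return sysfs_status(fh.read())


# Constructed sample systems (flags abbreviated to the bits that matter).
CASCADE_LAKE_OLD_UCODE = dict(arch_caps=MDS_NO, tsx_ctrl=None,
                              cpu_flags="sse2 hle rtm md_clear")
CASCADE_LAKE_TSX_OFF = dict(arch_caps=MDS_NO | TSX_CTRL_PRESENT,
                            tsx_ctrl=RTM_DISABLE | TSX_CPUID_CLEAR,
                            cpu_flags="sse2 md_clear")     # rtm/hle hidden
COFFEE_LAKE = dict(arch_caps=0, tsx_ctrl=None, cpu_flags="sse2 hle rtm md_clear")
NEWER_PART = dict(arch_caps=MDS_NO | TAA_NO, tsx_ctrl=None,
                  cpu_flags="sse2 hle rtm md_clear")

if __name__ == "__main__":
    for name, sysd in [("Cascade Lake, old microcode", CASCADE_LAKE_OLD_UCODE),
                       ("Cascade Lake, TSX disabled", CASCADE_LAKE_TSX_OFF),
                       ("Coffee Lake, no OS mitigation", COFFEE_LAKE),
                       ("TAA_NO part", NEWER_PART)]:
        print(f"{name}: {explain(sysd['arch_caps'])} -> {taa_status(**sysd)}")
    print("this host:", live_status() or "sysfs not available")
```

On a real host the inputs come from `rdmsr 0x10a` and `rdmsr 0x122` (msr-tools) and the flags line of /proc/cpuinfo; the point of the decoder is that MDS_NO alone does not mean safe, which is why the Cascade Lake case in the advisory matters.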

Impact

  • Information Disclosure
  • Privilege Escalation
  • Denial of Service

Affected Vendors

Intel

Affected Products

  • 8th Generation Intel® Core™ Processors
  • 10th Generation Intel® Core™ Processor Family
  • Intel® Pentium® Gold Processor Series
  • Intel® Celeron® Processor 5000 Series
  • Intel® Xeon® Processor E Family
  • 9th Generation Intel® Core™ Processor Family
  • Intel® Xeon® W Processor Family
  • 2nd Generation Intel® Xeon® Scalable Processors

Remediation

  • Intel recommends that users of the affected Intel® Processors listed above update to the latest firmware (microcode) version provided by the system manufacturer that addresses these issues. Microcode alone does not close the side channel: the operating system must also either disable TSX or clear CPU buffers on privilege transitions, so apply operating-system updates as well.
  • Intel recommends that users of Intel® Processor Diagnostic Tool update to version 4.1.3.35 or later.
  • https://downloadcenter.intel.com/download/19792/Intel-Processor-Diagnostic-Tool

Rewterz Threat Advisory – Update fixes IE 0-day RCE vulnerability and 74 other flaws in Microsoft Products

Severity

High

Analysis Summary

Microsoft has released November updates to fix 75 security flaws in multiple products.

CVE-2019-1429 is a memory-corruption vulnerability in the Internet Explorer scripting engine, the zero-day referred to in the title. In a web-based attack scenario, an attacker hosts a specially crafted website designed to exploit the vulnerability through Internet Explorer and convinces a user to view it. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine, or take advantage of compromised websites and websites that accept or host user-provided content or advertisements, which could carry the specially crafted content.

Microsoft also fixed a publicly disclosed vulnerability in Microsoft Office for Mac, CVE-2019-1457 (Microsoft Office Excel Security Feature Bypass): the macro-security setting does not apply to Excel 4.0 (XLM) macros carried in SYLK files. Will Dormann of the CERT/CC described the behaviour before the fix: "If Office for the Mac has been configured to use the 'Disable all macros without notification' feature, XLM macros in SYLK files are executed without prompting the user. This behavior is consistent even with fully-patched Office 2016 and Office 2019 for Mac systems."
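Because the client-side setting did not stop these macros, the practical defence at the time was to catch XLM-bearing SYLK files before they reach Excel. The following is an added example of such a content check, not Microsoft's or CERT/CC's code. It relies on the SYLK record layout (line-oriented, ';'-separated fields whose first character is the field code): an 'O' record with field 'E' marks a macro sheet, an 'NN' record defines a name such as Auto_open, and a 'C' record's 'E' field holds a formula. The list of XLM functions treated as risky and the two sample files are this example's own assumptions.

```python
"""Flag Excel 4.0 (XLM) macro content in SYLK (.slk) files.

Added example, not Microsoft's or CERT/CC's code.  SYLK is line-oriented:
each line is a record whose fields are ';'-separated, and the first character
of a field is its code.  Records used here: 'ID' (header, must be first),
'O' with field 'E' (sheet is a macro sheet), 'NN' (defined name, 'N' field
is the name) and 'C' (cell; 'X' column, 'Y' row, 'E' formula).  The list of
risky XLM functions is this example's own starting point; the sample files
are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

AUTO_NAMES = {"auto_open", "auto_close", "auto_activate", "auto_deactivate"}
RISKY_FUNCS = {"EXEC", "CALL", "REGISTER", "RUN", "FOPEN", "FWRITE",
               "FORMULA.FILL", "ALERT"}
_FUNC_RE = re.compile(r"([A-Z][A-Z0-9.]*)\(")


@dataclass
class SylkFindings:
    macro_sheet: bool = False
    auto_names: List[str] = field(default_factory=list)
    risky_calls: List[Tuple[int, int, str]] = field(default_factory=list)

    def suspicious(self) -> bool:
        """A macro sheet on its own is only a hint; names that run on open
        or formulas that reach outside the workbook are what we act on."""
        return bool(self.auto_names or self.risky_calls)


def split_fields(record: str) -> List[str]:
    """Split a SYLK record on ';', honouring ';;' as an escaped semicolon."""
    return [f.replace("\x00", ";") for f in record.replace(";;", "\x00").split(";")]


def scan_sylk(text: str) -> SylkFindings:
    """Walk every record and collect macro indicators."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("ID;"):
        raise ValueError("not a SYLK file: first record is not ID")
    out = SylkFindings()
    for line in lines:
        fields = split_fields(line)
        rtype, args = fields[0], fields[1:]
        if rtype == "O" and "E" in args:
            out.macro_sheet = True
        elif rtype == "NN":
            for a in args:
                if a[:1] == "N" and a[1:].lower() in AUTO_NAMES:
                    out.auto_names.append(a[1:])
        elif rtype == "C":
            row = col = 0
            formula = ""
            for a in args:
                code, val = a[:1], a[1:]
                if code == "X" and val.isdigit():
                    col = int(val)
                elif code == "Y" and val.isdigit():
                    row = int(val)
                elif code == "E":
                    formula = val
            if formula and set(_FUNC_RE.findall(formula.upper())) & RISKY_FUNCS:
                out.risky_calls.append((row, col, formula))   # (row, col, formula)
    return out


# Constructed samples.  BENIGN is an ordinary data sheet; MACRO is laid out
# the way an XLM-bearing .slk is: macro-sheet flag, Auto_open name pointing
# at row 101, and an EXEC() formula there.
BENIGN = "ID;PWXL;N;E\nC;X1;Y1;K42\nC;X2;Y1;ESUM(R1C1:R1C1)\nE\n"
MACRO = ("ID;P\nO;E\nNN;NAuto_open;ER101C1\n"
         "C;X1;Y101;K0;EEXEC(\"CALC.EXE\")\nC;X1;Y102;K0;EHALT()\nE\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("macro", MACRO)):
        r = scan_sylk(sample)
        print(f"{name}: suspicious={r.suspicious()} macro_sheet={r.macro_sheet} "
              f"auto_names={r.auto_names} risky_calls={r.risky_calls}")
```

Feed the raw text of a .slk attachment to `scan_sylk`; a mail gateway or EDR rule can then quarantine on `suspicious()` regardless of what the recipient's Excel macro setting would have done. Treat the function list as a starting point and extend it from the XLM function reference; attackers obfuscate by building the function name at run time, so a hit on a macro sheet plus an auto-run name is itself worth escalating.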

Below are other vulnerabilities that are fixed in this November update:

CVE-2019-1234 – Azure Stack Spoofing Vulnerability
ADV190024 – Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
CVE-2019-1456 – OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2019-1413 – Microsoft Edge Security Feature Bypass Vulnerability
CVE-2019-1373 – Microsoft Exchange Remote Code Execution Vulnerability
CVE-2019-1441 – Win32k Graphics Remote Code Execution Vulnerability
CVE-2019-1408 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1439 – Windows GDI Information Disclosure Vulnerability
CVE-2019-1438 – Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2019-1407 – Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2019-1394 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1393 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1396 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1395 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1437 – Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2019-1432 – DirectWrite Information Disclosure Vulnerability
CVE-2019-1411 – DirectWrite Information Disclosure Vulnerability
CVE-2019-1440 – Win32k Information Disclosure Vulnerability
CVE-2019-1419 – OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2019-1433 – Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2019-1436 – Win32k Information Disclosure Vulnerability
CVE-2019-1412 – OpenType Font Driver Information Disclosure Vulnerability
CVE-2019-1434 – Win32k Elevation of Privilege Vulnerability
CVE-2019-1435 – Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2019-1406 – Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1445 – Microsoft Office Online Spoofing Vulnerability
CVE-2019-1449 – Microsoft Office ClickToRun Security Feature Bypass Vulnerability
CVE-2019-1446 – Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1447 – Microsoft Office Online Spoofing Vulnerability
CVE-2019-1402 – Microsoft Office Information Disclosure Vulnerability
CVE-2019-1448 – Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1457 – Microsoft Office Excel Security Feature Bypass
CVE-2019-1443 – Microsoft SharePoint Information Disclosure Vulnerability
CVE-2019-1442 – Microsoft Office Security Feature Bypass Vulnerability
CVE-2019-1409 – Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2019-1426 – Scripting Engine Memory Corruption Vulnerability
CVE-2019-1429 – Scripting Engine Memory Corruption Vulnerability
CVE-2019-1427 – Scripting Engine Memory Corruption Vulnerability
CVE-2019-1428 – Scripting Engine Memory Corruption Vulnerability
CVE-2019-1390 – VBScript Remote Code Execution Vulnerability
CVE-2019-1383 – Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2019-1418 – Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2018-12207 – Windows Denial of Service Vulnerability
CVE-2019-1420 – Windows Elevation of Privilege Vulnerability
CVE-2019-1417 – Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2019-1415 – Windows Installer Elevation of Privilege Vulnerability
CVE-2019-1374 – Windows Error Reporting Information Disclosure Vulnerability
CVE-2019-1422 – Windows Elevation of Privilege Vulnerability
CVE-2019-1423 – Windows Elevation of Privilege Vulnerability
CVE-2019-1424 – NetLogon Security Feature Bypass Vulnerability
CVE-2019-1382 – Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2019-1385 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2019-1380 – Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2019-1388 – Windows Certificate Dialog Elevation of Privilege Vulnerability
CVE-2019-1391 – Windows Denial of Service Vulnerability
CVE-2019-1384 – Microsoft Windows Security Feature Bypass Vulnerability
CVE-2019-1405 – Windows UPnP Service Elevation of Privilege Vulnerability
CVE-2019-1381 – Microsoft Windows Information Disclosure Vulnerability
CVE-2019-1379 – Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2019-1324 – Windows TCP/IP Information Disclosure Vulnerability
CVE-2019-1370 – Open Enclave SDK Information Disclosure Vulnerability
ADV990001 – Latest Servicing Stack Updates
CVE-2019-1425 – Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1398 – Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-1310 – Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0719 – Hyper-V Remote Code Execution Vulnerability
CVE-2019-1399 – Windows Hyper-V Denial of Service Vulnerability
CVE-2019-1397 – Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0712 – Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0721 – Hyper-V Remote Code Execution Vulnerability
CVE-2019-1389 – Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-1309 – Windows Hyper-V Denial of Service Vulnerability
CVE-2019-1392 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-11135 – Windows Kernel Information Disclosure Vulnerability
CVE-2019-1430 – Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2019-1416 – Windows Subsystem for Linux Elevation of Privilege Vulnerability

Impact

  • Memory Corruption
  • Remote Code Execution
  • System Takeover
  • Security Bypass
  • Privilege Escalation
  • Information Disclosure
  • Denial of Service
  • Impersonation

Affected Vendors

Microsoft

Affected Products

  • Microsoft Edge
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft JET Database Engine
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft RPC
  • Microsoft Windows
  • Visual Studio
  • Windows Hyper-V
  • Windows Kernel
  • Windows Media Player
  • Windows Subsystem for Linux

Remediation

Install updates as soon as possible.

https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/Nov-2019.html


Rewterz Threat Advisory – CVE-2019-3648 – McAfee Patches Privilege Escalation Flaw in Antivirus Software

Severity

Medium

Analysis Summary

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

The LPE flaw, now tracked as CVE-2019-3648, requires Administrator privileges to exploit, which is why it is rated Medium. Threat actors regularly use DLL search-order hijacking flaws such as this in the later stages of an intrusion, after a machine has already been compromised: a privileged, trusted process looks for a DLL in a location the attacker can write to first, so planting a file there runs the attacker's code inside that process, elevating permissions and establishing persistence. Updates are available.
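The defect class above is reviewable without vendor internals. The following added example (not McAfee's or the researchers' code, and not a reconstruction of the specific CVE-2019-3648 defect) models the documented default Windows DLL search order (SafeDllSearchMode on: application directory, System32, the 16-bit System directory, the Windows directory, the current directory, then PATH; KnownDLLs skip the search) over a constructed filesystem snapshot. For a given DLL it reports where the loader would find it and every earlier location an attacker could plant a copy, tagged with who can write there, so the reader can separate a standard-user hijack from an admin-only one like the advisory describes. The snapshot, the writability map and the abbreviated KnownDLLs set are this example's own.

```python
"""Enumerate where a Windows DLL load would be satisfied, and which earlier
search locations an attacker could plant a file in.

Added example, not McAfee's or SafeBreach's code, and not a description of
the specific CVE-2019-3648 defect.  It models the documented default
(SafeDllSearchMode on) search order: application directory, System32,
16-bit System directory, Windows directory, current directory, then PATH.
KnownDLLs bypass the search entirely.  The filesystem snapshot and
writability map below are constructed.
"""
from typing import Dict, List, Optional, Tuple

KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}  # abbreviated


def norm(p: str) -> str:
    """Case-fold and strip a trailing backslash so comparisons are stable."""
    return p.lower().rstrip("\\")


def search_order(exe_path: str, cwd: str, path_env: str,
                 system_root: str = r"C:\Windows") -> List[str]:
    """Directories the loader consults, in order, for a non-KnownDLL."""
    app_dir = exe_path.rsplit("\\", 1)[0]
    order = [app_dir, system_root + r"\System32", system_root + r"\System",
             system_root, cwd]
    order += [p for p in path_env.split(";") if p]
    return [norm(d) for d in order]


def resolve_dll(dll: str, exe_path: str, cwd: str, path_env: str,
                existing_files: List[str], writable_by: Dict[str, str],
                system_root: str = r"C:\Windows"
                ) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Return (path the loader would pick or None, plant points).

    A plant point is a (candidate path, principal) pair for every writable
    directory the loader consults before it finds the real DLL; 'principal'
    is who can write there ('users' or 'admins' in the constructed map), so
    the caller can tell a standard-user LPE from an admin-only one.
    """
    dll_l = dll.lower()
    if dll_l in KNOWN_DLLS:
        return norm(system_root + r"\System32") + "\\" + dll_l, []
    existing = {norm(f) for f in existing_files}
    writable = {norm(d): who for d, who in writable_by.items()}
    plant: List[Tuple[str, str]] = []
    for d in search_order(exe_path, cwd, path_env, system_root):
        candidate = d + "\\" + dll_l
        if candidate in existing:
            return candidate, plant
        if d in writable:
            plant.append((candidate, writable[d]))
    return None, plant


def lowest_principal(plant: List[Tuple[str, str]]) -> Optional[str]:
    """'users' if any plant point is user-writable, else 'admins', else None."""
    whos = {who for _, who in plant}
    if "users" in whos:
        return "users"
    return "admins" if "admins" in whos else None


# Constructed snapshot: a service binary loads helper.dll, which only exists
# in a PATH directory; the current directory is writable by standard users,
# the application directory only by administrators.
EXE = r"C:\Program Files\ExampleAV\svc.exe"
CWD = r"C:\Users\bob"
PATH_ENV = r"C:\Tools;C:\Windows\System32"
FILES = [r"C:\Tools\helper.dll", r"C:\Windows\System32\kernel32.dll"]
WRITABLE = {r"C:\Users\bob": "users", r"C:\Program Files\ExampleAV": "admins"}

if __name__ == "__main__":
    for name in ("helper.dll", "missing.dll", "kernel32.dll"):
        found, plant = resolve_dll(name, EXE, CWD, PATH_ENV, FILES, WRITABLE)
        print(f"{name}: resolves to {found}; plant points {plant}; "
              f"hijackable by {lowest_principal(plant)}")
```

In a real assessment the inputs come from Process Monitor (NAME NOT FOUND results for .dll loads by the privileged process) and from `icacls` on each directory in the order; a candidate that is writable only by administrators, as in the McAfee case, still matters because it lets already-privileged code run inside a signed, trusted process, but it is a much weaker finding than a user-writable one.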

Impact

  • Privilege Escalation
  • Code Execution

Affected Vendors

McAfee

Affected Products

  • McAfee Total Protection (MTP)
  • McAfee Anti-Virus Plus (AVP)
  • McAfee Internet Security (MIS)

Remediation

Install or update to MTP version 16.0.R22 Refresh 1.

McAfee's software updates itself automatically. If it has not yet updated and you want the latest version, go to the Product Downloads site and download the latest update for your product.


Copyright © Rewterz. All rights reserved.