Severity
High
Analysis Summary
CVE-2021-31892
Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with the wrong settings. As a result, the server certificate is not validated, which makes a TLS man-in-the-middle (MITM) scenario possible.
CVE-2021-31893
The affected software contains a buffer overflow vulnerability while handling certain files that may allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.
CVE-2021-31894
An attacker could change the content of certain metafiles and subsequently manipulate parameters or the behavior of devices that are later configured by the affected software.
CVE-2015-8011
A remote attacker can send specially crafted packets, which may cause a denial-of-service condition and arbitrary code execution.
CVE-2020-27827
A remote attacker sending specially crafted LLDP packets can cause memory to be lost when allocating data, which may cause a denial-of-service condition.
Impact
- Improper Certificate Validation
- Buffer Overflow
- Incorrect Permission Assignment
- Resource Consumption
Affected Vendors
Siemens
Affected Products
- SINAMICS STARTER (containing STEP 7 OEM version): All versions prior to v5.4 HF2
- SIMATIC PCS 7 V9.X: All versions
- SIMATIC NET CP 1545-1: All versions
- SIMATIC HMI Unified Comfort Panels: All versions prior to v17
- TIM 1531 IRC (incl. SIPLUS NET variants): All versions prior to v2.2
- SINUMERIK Analyze MyCondition: All versions
- SINUMERIK Analyze MyPerformance: All versions
- SINUMERIK Integrate for Production 5.1: Version 5.1
- SINUMERIK Manage My Tools: All versions
- SINUMERIK Optimize MyProgramming / NX-Cam Editor: All versions
Remediation
Refer to the vendor website for more information on affected products, patches, and upgrades: https://us-cert.cisa.gov/ics/advisories