Rewterz Threat Alert – Fake Security Advisory used in cPanel Phishing Attack
August 11, 2020Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM
August 12, 2020Rewterz Threat Alert – Fake Security Advisory used in cPanel Phishing Attack
August 11, 2020Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM
August 12, 2020Severity
High
Analysis Summary
CVE-2020-7521
A vulnerability exists when accessing a vulnerable method of `FileUploadServlet` that may lead to uploading executable files to non-specified directories.
CVE-2020-7522
A vulnerability exists when accessing a vulnerable method of `SoundUploadServlet` that may lead to uploading executable files to non-specified directories.
Impact
Remote code execution
Affected Vendors
Schneider Electric
Affected Products
SFAPV9601 v2.0 and earlier
Remediation
Schneider Electric recommends users of versions below v2.1 to update to the latest version